Vulnerabilities (CVE)

Filtered by vendor Nancy Wichmann Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-4500 2 Drupal, Nancy Wichmann 2 Drupal, Announcements 2024-11-21 3.5 LOW N/A
The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact.
CVE-2012-2711 2 Drupal, Nancy Wichmann 2 Drupal, Taxonomy List 2024-11-21 2.1 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information.
CVE-2012-2339 2 Drupal, Nancy Wichmann 2 Drupal, Glossary 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."
CVE-2012-2302 2 Drupal, Nancy Wichmann 2 Drupal, Sitedoc 2024-11-21 5.0 MEDIUM N/A
Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2012-2298 2 Drupal, Nancy Wichmann 3 Drupal, Realname, Realname 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks."
CVE-2009-4524 2 Drupal, Nancy Wichmann 2 Drupal, Realname 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.