Filtered by vendor Nancy Wichmann
Subscribe
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4500 | 2 Drupal, Nancy Wichmann | 2 Drupal, Announcements | 2024-11-21 | 3.5 LOW | N/A |
The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact. | |||||
CVE-2012-2711 | 2 Drupal, Nancy Wichmann | 2 Drupal, Taxonomy List | 2024-11-21 | 2.1 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information. | |||||
CVE-2012-2339 | 2 Drupal, Nancy Wichmann | 2 Drupal, Glossary | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information." | |||||
CVE-2012-2302 | 2 Drupal, Nancy Wichmann | 2 Drupal, Sitedoc | 2024-11-21 | 5.0 MEDIUM | N/A |
Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2012-2298 | 2 Drupal, Nancy Wichmann | 3 Drupal, Realname, Realname | 2024-11-21 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks." | |||||
CVE-2009-4524 | 2 Drupal, Nancy Wichmann | 2 Drupal, Realname | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element. |