apk package
chainguard/drupal-11-apache2-config
pkg:apk/chainguard/drupal-11-apache2-config
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2012-2306 | — | < 0 | 0 | Jul 25, 2012 | SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2012-2339 | — | < 11.2.5-r1 | 11.2.5-r1 | May 21, 2012 | Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information." | ||
| CVE-2009-4066 | — | < 11.2.5-r1 | 11.2.5-r1 | Nov 24, 2009 | Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or ( | ||
| CVE-2009-3479 | — | < 11.2.5-r1 | 11.2.5-r1 | Sep 30, 2009 | Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title. | ||
| CVE-2009-3156 | — | < 11.2.5-r1 | 11.2.5-r1 | Sep 10, 2009 | Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type lab | ||
| CVE-2009-1047 | — | < 11.2.5-r1 | 11.2.5-r1 | Mar 23, 2009 | Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTM | ||
| CVE-2008-0462 | — | < 11.2.5-r1 | 11.2.5-r1 | Jan 25, 2008 | Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
- CVE-2012-2306Jul 25, 2012affected < 0fixed 0
SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2012-2339May 21, 2012affected < 11.2.5-r1fixed 11.2.5-r1
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."
- CVE-2009-4066Nov 24, 2009affected < 11.2.5-r1fixed 11.2.5-r1
Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (
- CVE-2009-3479Sep 30, 2009affected < 11.2.5-r1fixed 11.2.5-r1
Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title.
- CVE-2009-3156Sep 10, 2009affected < 11.2.5-r1fixed 11.2.5-r1
Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type lab
- CVE-2009-1047Mar 23, 2009affected < 11.2.5-r1fixed 11.2.5-r1
Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTM
- CVE-2008-0462Jan 25, 2008affected < 11.2.5-r1fixed 11.2.5-r1
Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.