Karen Stevenson » Date : Security Vulnerabilities, CVEs,
SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
6.0
EPSS Score
0.26%
Published
2012-09-20
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.
Max CVSS
2.1
EPSS Score
0.13%
Published
2009-09-10
Updated
2017-08-17
2 vulnerabilities found