Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1626 | 2 Drupal, Karen Stevenson | 2 Drupal, Date | 2017-08-28 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-3156 | 2 Drupal, Karen Stevenson | 2 Drupal, Date | 2017-08-16 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field. | |||||