RSS   Vulnerabilities for 'DATE'   RSS

2012-09-19
 
CVE-2012-1626

CWE-89
 

 
SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors.

 
2009-09-10
 
CVE-2009-3156

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.

 

 >>> Vendor: Karen stevenson 3 Products
CCK
DATE
Calendar


Copyright 2019, cxsecurity.com

 

Back to Top