📦

date

Vendor: karen_stevenson

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 3 Total Indexed

Avg. EPSS 0.44% Exploit Prob.

Latest CVE CVE-2021-41817 Jan 01

Security Vulnerability Index

Page 1 / 1

7.5 CVSS

CVE-2021-41817

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1.

EPSS: 0.49%

Severity: HIGH

Jan 01, 2022

3.5 CVSS

CVE-2014-5169

Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title.

EPSS: 0.21%

Severity: LOW

Oct 20, 2014

6.0 CVSS

CVE-2012-1626

SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors.

EPSS: 0.59%

Severity: MEDIUM

Sep 20, 2012

2.1 CVSS

CVE-2009-3156

Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.

EPSS: 0.47%

Severity: LOW

Sep 10, 2009

Displaying 4 of 3 Total Entries

Total 1 Sections