Drupal Storm 1.32 Cross Site Scripting

Drupal Storm module is a CRM type module that allows you to make orgs, people, tasks, and project. It is used on thousands of sites according to http://drupal.org/project/usage/storm. Storm version 1.32 have a lots of cross site scripting vulns. Sploits - Make or view a Storm organization at...

CVE-2009-4515

The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors...