
CVSS: 3.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title.

• http://www.openwall.com/lists/oss-security/2015/01/29/6
• http://www.securityfocus.com/bid/72117
• https://www.drupal.org/node/2407047
• https://www.drupal.org/node/2407341
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 2

SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter.

• https://www.exploit-db.com/exploits/31582
• http://secunia.com/advisories/29611
• http://securityreason.com/securityalert/3791
• http://www.securityfocus.com/archive/1/490309/100/0/threaded
• http://www.securityfocus.com/bid/28532
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41550
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')