NotCVE - vendor:"John Vandyk" product:"Workflow" version:"5.x-1.0"

3 results (0.007 seconds)

CVSS: 5.4EPSS: 0%CPEs: 19EXPL: 0

CVE-2010-1539

https://notcve.org/view.php?id=CVE-2010-1539

26 Apr 2010 — Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Workflow 5.x-2.x en versiones anteriores a la 5.x-2.6 y 6.x-1.x en versiones anteriores a la 6.x-1.4 para Drupal, cuando se usa con el módulo Token, puede permitir a a... • http://drupal.org/node/731624 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 0

CVE-2009-4513

https://notcve.org/view.php?id=CVE-2009-4513

31 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a (1) workflow or (2) workflow state. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo para Drupal Workflow v5.x anteriores a v5.x-2.4 y v6.x anteriores a v6.x-1.2, permite a atacantes remot... • http://drupal.org/node/612832 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2008-0463

https://notcve.org/view.php?id=CVE-2008-0463

25 Jan 2008 — Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Workflow para Drupal, en versiones 4.7.x anteriores a 4.7.x-1.2 y 5.x anteriores a 5.x-1.2, permite que atacantes remotos inyecten, a su elección, código web o HTML usando vectores relacionados con ... • http://drupal.org/node/213473 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •