CVSS: 8.8EPSS: 0%CPEs: 20EXPL: 0CVE-2012-1626
https://notcve.org/view.php?id=CVE-2012-1626
20 Sep 2012 — SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en formulario de conversión para Eventos en el módulo Fecha v6.x-2.x antes de v6.x-2.8 para Drupal permite ejecutar comandos SQL a usuarios remotos autenticados con el privilegio "administrar Fecha de Herramientas" a través de ve... • http://drupal.org/node/1401026 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2010-2352
https://notcve.org/view.php?id=CVE-2010-2352
21 Jun 2010 — The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes. El módulo "Node Reference" (referencia de nodo) en el módulo "Content Construction Kit" (CCK o kit de construcción de contenido) v5.x en versiones anteriores a la v5.x-1.11 y v6.x en versiones anteriores a la v6.x-2.7 para Drupal no realiza comprobaciones de acceso an... • http://drupal.org/node/829566 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 16EXPL: 0CVE-2009-3156
https://notcve.org/view.php?id=CVE-2009-3156
10 Sep 2009 — Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field. Vulnerabilidad de ejecución de secuencias de comandos de sitios cruzados (XSS) en el sub-modulo Date Tools del modulo Date v6.x anteriores a 6.x-2.3 para Drupal permite a usuarios remotos autenticados con privilegios de "... • http://drupal.org/node/534332 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2009-3157
https://notcve.org/view.php?id=CVE-2009-3157
10 Sep 2009 — Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo "Calendar" (calendario) en versiones v6.x anteriores a la v6.x-2.2 para Drupal permite a atacantes remotos autenticados, con privilegios "create new content types" (crear nuevos tipos de c... • http://drupal.org/node/534336 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0CVE-2008-6972
https://notcve.org/view.php?id=CVE-2008-6972
13 Aug 2009 — Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "help text," or (3) "allowed values" settings. Vulnerabilidad múltiple de ejecución de secuencias de comandos en sitios cruzados - XSS - en Drupal Content Construction Kit (CCK) v5.x hasta v5.x-1.8 permite a los usuarios remotos autenticados con permisos "ad... • http://drupal.org/node/304093 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •