1 results (0.001 seconds)
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2009-3157
https://notcve.org/view.php?id=CVE-2009-3157
10 Sep 2009 — Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo "Calendar" (calendario) en versiones v6.x anteriores a la v6.x-2.2 para Drupal permite a atacantes remotos autenticados, con privilegios "create new content types" (crear nuevos tipos de c... • http://drupal.org/node/534336 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •