CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2009-4042
https://notcve.org/view.php?id=CVE-2009-4042
Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x before 6.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema de Drupal "RootCandy" v6.x antes de v6.x-1.5 permite a atacantes remotos inyectar HTML o scripts web a través de la URI. • http://drupal.org/node/629894 http://drupal.org/node/630168 http://osvdb.org/59914 http://secunia.com/advisories/37334 http://www.securityfocus.com/bid/36998 http://www.vupen.com/english/advisories/2009/3210 https://exchange.xforce.ibmcloud.com/vulnerabilities/54245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •