1 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Agreement module 6.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en el módulo de Drupal "Agreement" v6.x antes de v6.x-1.2 permite a atacantes remotos inyectar HTML o scripts web a través de vectores no especificados. • http://drupal.org/node/631538 http://drupal.org/node/636568 http://osvdb.org/60274 http://secunia.com/advisories/37437 http://www.securityfocus.com/bid/37057 https://exchange.xforce.ibmcloud.com/vulnerabilities/54342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •