CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2009-4518
https://notcve.org/view.php?id=CVE-2009-4518
Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Insert Node v5.x anterior a v5.x-1.2 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de un nodo insertado. • http://drupal.org/node/616546 http://drupal.org/node/617400 http://secunia.com/advisories/37199 http://www.securityfocus.com/bid/36861 http://www.vupen.com/english/advisories/2009/3086 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 18EXPL: 0CVE-2009-4513
https://notcve.org/view.php?id=CVE-2009-4513
Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a (1) workflow or (2) workflow state. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo para Drupal Workflow v5.x anteriores a v5.x-2.4 y v6.x anteriores a v6.x-1.2, permite a atacantes remotos autenticados con privilegios "administer Workflow", inyectar secuencias de comandos web o HTML a través del nombre de un (1) Workflow o (2) estado de Workflow. • http://drupal.org/node/612832 http://drupal.org/node/612834 http://drupal.org/node/617456 http://secunia.com/advisories/37203 http://www.securityfocus.com/bid/36878 http://www.vupen.com/english/advisories/2009/3089 https://exchange.xforce.ibmcloud.com/vulnerabilities/54028 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2009-4528
https://notcve.org/view.php?id=CVE-2009-4528
The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors. El módulo Organic Groups (OG)Vocabulary v6.x anterior a v6.x-1.0 para Drupal, permite a grupos miembros de usuarios autenticados remotamente evitar las restricciones de acceso establecidas, creando, modificando o leyendo palabras de su elección a través de vectores no especificados. • http://drupal.org/node/604354 http://drupal.org/node/604514 http://osvdb.org/58947 http://secunia.com/advisories/37060 http://www.securityfocus.com/bid/36685 http://www.vupen.com/english/advisories/2009/2920 https://exchange.xforce.ibmcloud.com/vulnerabilities/53780 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2009-4520
https://notcve.org/view.php?id=CVE-2009-4520
The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path. El módulo CK Comment Reference v5.x anteriores a v5.x-1.2 y v6.x anteriores a v6.x-1.3, un módulo para Drupal, permite a atacantes remotos eludir las restricciones de acceso implementadas y leer comentarios al usar el autocompletado. • http://drupal.org/node/617380 http://secunia.com/advisories/37206 http://www.securityfocus.com/bid/36863 http://www.vupen.com/english/advisories/2009/3084 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 44EXPL: 0CVE-2009-4533
https://notcve.org/view.php?id=CVE-2009-4533
The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attackers to read session variables via unspecified vectors. El módulo Webform v5.x anteriores a v5.x-2.8 y v6.x anteriores a v6.x-2.8, un módulo para Drupal, no evita el almacenamiento en caché de una página que contiene una variable token con un valor por defecto, permitiendo a atacantes remotos leer variables de sesión mediante vectores no especificados. • http://drupal.org/node/604920 http://drupal.org/node/604922 http://drupal.org/node/604942 http://osvdb.org/58946 http://secunia.com/advisories/37021 http://www.securityfocus.com/bid/36708 http://www.vupen.com/english/advisories/2009/2923 https://exchange.xforce.ibmcloud.com/vulnerabilities/53797 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •