CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3786
https://notcve.org/view.php?id=CVE-2009-3786
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title. Vulnerabilidad de tipo cross-site scripting (XSS) en Organic Groups (OG) Vocabulary versiones 5.x anteriores a 5.x-1.1 y versiones 6.x anteriores a 6.x-1.1, un módulo para Drupal, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del título group. • http://drupal.org/node/605094 http://drupal.org/node/610948 http://drupal.org/node/621960 http://drupal.org/node/623674 http://osvdb.org/59129 http://osvdb.org/59673 http://secunia.com/advisories/37125 http://secunia.com/advisories/37290 http://www.securityfocus.com/bid/36784 http://www.securityfocus.com/bid/36929 http://www.vupen.com/english/advisories/2009/3000 https://exchange.xforce.ibmcloud.com/vulnerabilities/53902 https://exchange.xforce.ibmcloud.com/vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2009-3779
https://notcve.org/view.php?id=CVE-2009-3779
Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo para Drupal vCard v5.x anteriores a v5.x-1.4 y v6.x anteriores a v6.x-1.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, relativos a añadir la función theme_vcard. • http://drupal.org/node/610416 http://drupal.org/node/610420 http://drupal.org/node/610996 http://secunia.com/advisories/37127 http://www.securityfocus.com/bid/36789 http://www.vupen.com/english/advisories/2009/3002 https://exchange.xforce.ibmcloud.com/vulnerabilities/53903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3653
https://notcve.org/view.php?id=CVE-2009-3653
Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output. Vulnerabilidad de Ejecución de secuencias de comandos en sitios cruzados(XSS) en la interfaz "enlaces adicionales" en el modulo de Drupal "XML Sitemap" v5.x-1.6, permite inyectar HTML o scripts web a usuarios remotos autenticados con el permiso "administrar la configuración del sitio", a través de vectores no especificados relacionados con la ruta de enlace de salida. • http://drupal.org/node/591724 http://drupal.org/node/591732 http://www.securityfocus.com/bid/36556 https://exchange.xforce.ibmcloud.com/vulnerabilities/53572 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3657
https://notcve.org/view.php?id=CVE-2009-3657
Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de fijación de sesión del módulo de Drupal Shared Sign-On 5.x y 6.x, permite a atacantes remotos secuestrar sesiones web a través de vectores no especificados. • http://drupal.org/node/592488 http://www.securityfocus.com/bid/36563 https://exchange.xforce.ibmcloud.com/vulnerabilities/53560 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2009-3651
https://notcve.org/view.php?id=CVE-2009-3651
Cross-site scripting (XSS) vulnerability in the "Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la opción "Monitor Browsers" del módulo de Drupal "Browscap" antes de v5.x-1.1 y v6.x-1.1, permite a atacantes remotos inyectar HTML o scripts web a través de la cabecera HTTP User-Agent. • http://drupal.org/node/592262 http://drupal.org/node/592264 http://drupal.org/node/592272 http://osvdb.org/58444 http://secunia.com/advisories/36912 http://www.securityfocus.com/bid/36557 https://exchange.xforce.ibmcloud.com/vulnerabilities/53571 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •