CVSS: 3.5EPSS: 0%CPEs: 18EXPL: 0CVE-2008-6170
https://notcve.org/view.php?id=CVE-2008-6170
Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados(XSS) en Drupal v5.x anterior a v5.12 v6.x anterior a v6.6, lo que permite a usuarios remotos autenticados con permisos para crear contenidos de libros o editar la jerarquía de nodos de los libros inyectar secuencias de comandos web o HTML a través de la pagina de titulo del libro. • http://drupal.org/node/324824 http://secunia.com/advisories/32297 http://secunia.com/advisories/32441 http://www.securityfocus.com/bid/31882 http://www.vupen.com/english/advisories/2008/2913 https://exchange.xforce.ibmcloud.com/vulnerabilities/46052 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00783.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00826.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 1%CPEs: 18EXPL: 0CVE-2008-6171
https://notcve.org/view.php?id=CVE-2008-6171
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. El archivo includes/bootstrap.inc en Drupal versiones 5.x anterior a 5.12 y versiones 6.x anterior a 6.6, cuando el servidor está configurado para "IP-based virtual hosts," permite a los atacantes remotos incluir y ejecutar archivos arbitrarios por medio del encabezado Host de HTTP. • http://drupal.org/files/sa-2008-067/SA-2008-067-5.11.patch http://drupal.org/node/324824 http://secunia.com/advisories/32389 http://secunia.com/advisories/32441 http://www.securityfocus.com/bid/31900 http://www.vupen.com/english/advisories/2008/2913 https://exchange.xforce.ibmcloud.com/vulnerabilities/46049 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00783.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00826.html • CWE-16: Configuration CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-6137
https://notcve.org/view.php?id=CVE-2008-6137
EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors. EveryBlog v5.x y v6.x, un modulo para Drupal, permite a atacantes remotos saltarse las restricciones de acceso mediante vectores no especificados. • http://drupal.org/node/318746 http://secunia.com/advisories/32194 http://www.securityfocus.com/bid/31656 https://exchange.xforce.ibmcloud.com/vulnerabilities/45759 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-6135
https://notcve.org/view.php?id=CVE-2008-6135
Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en EveryBlog v5.x y v6.x, un modulo para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados. • http://drupal.org/node/318746 http://secunia.com/advisories/32194 http://www.securityfocus.com/bid/31656 https://exchange.xforce.ibmcloud.com/vulnerabilities/45757 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-6134
https://notcve.org/view.php?id=CVE-2008-6134
SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en EveryBlog v5.x y v6.x, un modulo para Drupal, permite a atacantes remotos ejecutar comandos SQL de su elección mediante vectores no especificados. • http://drupal.org/node/318746 http://secunia.com/advisories/32194 http://www.securityfocus.com/bid/31656 https://exchange.xforce.ibmcloud.com/vulnerabilities/45756 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •