CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2009-4296
https://notcve.org/view.php?id=CVE-2009-4296
SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el módulo Taxonomy Timer v5.x-1.8 y anteriores y v6.x-alpha1 v anteriores para Drupal permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores sin especi • http://drupal.org/node/641050 http://drupal.org/node/641064 http://drupal.org/node/649396 http://secunia.com/advisories/37573 http://www.securityfocus.com/bid/37189 http://www.vupen.com/english/advisories/2009/3388 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 41EXPL: 0CVE-2009-4207
https://notcve.org/view.php?id=CVE-2009-4207
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Webform versiones v5.x anteriores a v5.x-2.7 y v6.x anteriores a v6.x-2.7, un módulo para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante un envío de formulario. • http://drupal.org/node/481258 http://drupal.org/node/481260 http://drupal.org/node/481268 http://secunia.com/advisories/35339 http://www.securityfocus.com/bid/35197 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2009-4119
https://notcve.org/view.php?id=CVE-2009-4119
Cross-site scripting (XSS) vulnerability in Feed Element Mapper module 5.x before 5.x-1.3, 6.x before 6.x-1.3, and 6.x-2.0-alpha before 6.x-2.0-alpha4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Feed Element Mapper v5.x anteriores a v5.x-1.3, v6.x anteriores a v6.x-1.3, y v6.x-2.0-alpha anteriores a v6.x-2.0-alpha4 de Drupal permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de vectores de ataque sin especificar. • http://drupal.org/node/636496 http://drupal.org/node/636498 http://drupal.org/node/636518 http://osvdb.org/60288 http://secunia.com/advisories/37439 http://www.securityfocus.com/bid/37060 https://exchange.xforce.ibmcloud.com/vulnerabilities/54338 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2009-4066
https://notcve.org/view.php?id=CVE-2009-4066
Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados(CSRF) en el apartado "My Account" (mi cuenta) del módulo PHPList Integration v5 anteriores a v5.x-1.2 y v6 anteriores a v6.x-1.1 de Drupal. Permiten a atacantes remotos secuestrar las credenciales de autenticación de usuarios de su elección a través de vectores de ataque relacionados con (1) la suscripción (2) o desinscripción de las listas de correo. • http://drupal.org/node/636398 http://drupal.org/node/636400 http://drupal.org/node/636412 http://osvdb.org/60283 http://secunia.com/advisories/37434 http://www.securityfocus.com/bid/37054 https://exchange.xforce.ibmcloud.com/vulnerabilities/54336 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2009-4063
https://notcve.org/view.php?id=CVE-2009-4063
Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Subgroups for Organic Groups (OG) v5.x anteriores a la v5.x-4.0 y v5.x anteriores a la v5.x-3.4 de Drupal. Permite a atacantes remotos inyectar codigo de script web o código HTML a través de los títulos de nodo. • http://drupal.org/node/630004 http://drupal.org/node/636562 http://osvdb.org/60287 http://secunia.com/advisories/37438 http://www.securityfocus.com/bid/37056 https://exchange.xforce.ibmcloud.com/vulnerabilities/54341 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •