CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0CVE-2009-3914
https://notcve.org/view.php?id=CVE-2009-3914
Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en el módulo de Drupal "Temporary Invitation" v5.X antes de v5.x-2.3 permite a atacantes remotos inyectar HTML o scripts web a través del campo Name en una invitación. • http://drupal.org/node/623018 http://drupal.org/node/623526 http://osvdb.org/59679 http://secunia.com/advisories/37286 http://www.securityfocus.com/bid/37072 https://exchange.xforce.ibmcloud.com/vulnerabilities/54148 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 8EXPL: 0CVE-2009-3921
https://notcve.org/view.php?id=CVE-2009-3921
The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages. El módulo Smartqueue_og v5.x anteriores a v5.x-1.3 y v6.x anteriores a6.x-1.0-rc3, módulo para Drupal, en ciertas circunstancias no verifica los privilegios del nodo de grupo, implicando la creación de una sub-cola que permite a usuarios remotos autenticados, descubrir nombres de grupo orgánicos de su elección leyendo los mensajes de confirmación. • http://drupal.org/node/617496 http://drupal.org/node/617500 http://drupal.org/node/623554 http://osvdb.org/59675 http://secunia.com/advisories/37288 http://www.securityfocus.com/bid/36925 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3786
https://notcve.org/view.php?id=CVE-2009-3786
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title. Vulnerabilidad de tipo cross-site scripting (XSS) en Organic Groups (OG) Vocabulary versiones 5.x anteriores a 5.x-1.1 y versiones 6.x anteriores a 6.x-1.1, un módulo para Drupal, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del título group. • http://drupal.org/node/605094 http://drupal.org/node/610948 http://drupal.org/node/621960 http://drupal.org/node/623674 http://osvdb.org/59129 http://osvdb.org/59673 http://secunia.com/advisories/37125 http://secunia.com/advisories/37290 http://www.securityfocus.com/bid/36784 http://www.securityfocus.com/bid/36929 http://www.vupen.com/english/advisories/2009/3000 https://exchange.xforce.ibmcloud.com/vulnerabilities/53902 https://exchange.xforce.ibmcloud.com/vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2009-3779
https://notcve.org/view.php?id=CVE-2009-3779
Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo para Drupal vCard v5.x anteriores a v5.x-1.4 y v6.x anteriores a v6.x-1.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, relativos a añadir la función theme_vcard. • http://drupal.org/node/610416 http://drupal.org/node/610420 http://drupal.org/node/610996 http://secunia.com/advisories/37127 http://www.securityfocus.com/bid/36789 http://www.vupen.com/english/advisories/2009/3002 https://exchange.xforce.ibmcloud.com/vulnerabilities/53903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2009-3780
https://notcve.org/view.php?id=CVE-2009-3780
Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Abuse v5.x anteriores a v5.x-2.1 y v6.x anteriores a v6.x-1.1-alpha1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de véctores no especificados. • http://drupal.org/node/610784 http://drupal.org/node/610900 http://drupal.org/node/611078 http://secunia.com/advisories/37129 http://www.securityfocus.com/bid/36791 https://exchange.xforce.ibmcloud.com/vulnerabilities/53898 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •