CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2009-3918
https://notcve.org/view.php?id=CVE-2009-3918
Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo de Drupal "Zoomify" v5.x antes de v5.x-2.2 y v6.x antes de v6.x-1.4 permite a atacantes remotos inyectar HTML o scripts weba través del título del nodo. • http://drupal.org/node/623434 http://drupal.org/node/623436 http://drupal.org/node/623678 http://osvdb.org/59671 http://secunia.com/advisories/37263 http://www.securityfocus.com/bid/36930 https://exchange.xforce.ibmcloud.com/vulnerabilities/54155 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0CVE-2009-3914
https://notcve.org/view.php?id=CVE-2009-3914
Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en el módulo de Drupal "Temporary Invitation" v5.X antes de v5.x-2.3 permite a atacantes remotos inyectar HTML o scripts web a través del campo Name en una invitación. • http://drupal.org/node/623018 http://drupal.org/node/623526 http://osvdb.org/59679 http://secunia.com/advisories/37286 http://www.securityfocus.com/bid/37072 https://exchange.xforce.ibmcloud.com/vulnerabilities/54148 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2009-3780
https://notcve.org/view.php?id=CVE-2009-3780
Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Abuse v5.x anteriores a v5.x-2.1 y v6.x anteriores a v6.x-1.1-alpha1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de véctores no especificados. • http://drupal.org/node/610784 http://drupal.org/node/610900 http://drupal.org/node/611078 http://secunia.com/advisories/37129 http://www.securityfocus.com/bid/36791 https://exchange.xforce.ibmcloud.com/vulnerabilities/53898 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3786
https://notcve.org/view.php?id=CVE-2009-3786
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title. Vulnerabilidad de tipo cross-site scripting (XSS) en Organic Groups (OG) Vocabulary versiones 5.x anteriores a 5.x-1.1 y versiones 6.x anteriores a 6.x-1.1, un módulo para Drupal, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del título group. • http://drupal.org/node/605094 http://drupal.org/node/610948 http://drupal.org/node/621960 http://drupal.org/node/623674 http://osvdb.org/59129 http://osvdb.org/59673 http://secunia.com/advisories/37125 http://secunia.com/advisories/37290 http://www.securityfocus.com/bid/36784 http://www.securityfocus.com/bid/36929 http://www.vupen.com/english/advisories/2009/3000 https://exchange.xforce.ibmcloud.com/vulnerabilities/53902 https://exchange.xforce.ibmcloud.com/vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2009-3779
https://notcve.org/view.php?id=CVE-2009-3779
Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo para Drupal vCard v5.x anteriores a v5.x-1.4 y v6.x anteriores a v6.x-1.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, relativos a añadir la función theme_vcard. • http://drupal.org/node/610416 http://drupal.org/node/610420 http://drupal.org/node/610996 http://secunia.com/advisories/37127 http://www.securityfocus.com/bid/36789 http://www.vupen.com/english/advisories/2009/3002 https://exchange.xforce.ibmcloud.com/vulnerabilities/53903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •