CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2009-4061
https://notcve.org/view.php?id=CVE-2009-4061
Multiple cross-site scripting (XSS) vulnerabilities in the Agreement module 6.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en el módulo de Drupal "Agreement" v6.x antes de v6.x-1.2 permite a atacantes remotos inyectar HTML o scripts web a través de vectores no especificados. • http://drupal.org/node/631538 http://drupal.org/node/636568 http://osvdb.org/60274 http://secunia.com/advisories/37437 http://www.securityfocus.com/bid/37057 https://exchange.xforce.ibmcloud.com/vulnerabilities/54342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2009-4062
https://notcve.org/view.php?id=CVE-2009-4062
Multiple cross-site scripting (XSS) vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el módulo de Drupal "Printfriendly" v6.x antes de v6.x-1.6 permiten a atacantes remotos inyectar HTML o scripts web a través de vectores no especificados. • http://drupal.org/node/636670 http://drupal.org/node/636678 http://osvdb.org/60281 http://secunia.com/advisories/37441 http://www.securityfocus.com/bid/37059 https://exchange.xforce.ibmcloud.com/vulnerabilities/54348 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2009-4064
https://notcve.org/view.php?id=CVE-2009-4064
Cross-site scripting (XSS) vulnerability in the Gallery Assist module 6.x before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via node titles. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Gallery Assist v6.x anteriores a la v6.x-1.7 de Drupal permite a usuarios remotos inyectar codigo de script web o código HTML a través de "node titles" (títulos de nodo). • http://drupal.org/node/636488 http://drupal.org/node/636660 http://osvdb.org/60270 http://secunia.com/advisories/37425 http://www.securityfocus.com/bid/37061 https://exchange.xforce.ibmcloud.com/vulnerabilities/54347 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 8EXPL: 0CVE-2009-3921
https://notcve.org/view.php?id=CVE-2009-3921
The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages. El módulo Smartqueue_og v5.x anteriores a v5.x-1.3 y v6.x anteriores a6.x-1.0-rc3, módulo para Drupal, en ciertas circunstancias no verifica los privilegios del nodo de grupo, implicando la creación de una sub-cola que permite a usuarios remotos autenticados, descubrir nombres de grupo orgánicos de su elección leyendo los mensajes de confirmación. • http://drupal.org/node/617496 http://drupal.org/node/617500 http://drupal.org/node/623554 http://osvdb.org/59675 http://secunia.com/advisories/37288 http://www.securityfocus.com/bid/36925 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2009-3916
https://notcve.org/view.php?id=CVE-2009-3916
Cross-site scripting (XSS) vulnerability in the Node Hierarchy module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a child node title. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el modulo de Drupal "Node Hierarchy" v5.x antes de v5.x-1.3 y v6.x antes de v6.x-1.3, permite a atacantes remotos inyectar HTML o scripts web a través de un título de nodo hijo. • http://drupal.org/node/622092 http://drupal.org/node/622100 http://drupal.org/node/623490 http://osvdb.org/59674 http://secunia.com/advisories/37284 http://www.securityfocus.com/bid/37071 https://exchange.xforce.ibmcloud.com/vulnerabilities/54146 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •