Page 18 of 151 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 0

CVE-2009-3915

https://notcve.org/view.php?id=CVE-2009-3915

Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field. Una vulnerabilidad de ejecución de secuencias de comandos en el formateador de separación de título y URL del módulo de Drupal "Link" v5.x antes de v5.x-2.6 y v6.x antes de v6.x-2.7, permite a atacantes remotos inyectar HTML o scripts web a través del campo de título del enlace. • http://drupal.org/node/620662 http://drupal.org/node/620668 http://drupal.org/node/623562 http://osvdb.org/59672 http://secunia.com/advisories/37289 http://www.securityfocus.com/bid/36928 https://exchange.xforce.ibmcloud.com/vulnerabilities/54142 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2009-3922

https://notcve.org/view.php?id=CVE-2009-3922

Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that (1) delete the editing protection of a user or (2) delete a certain type of administrative-bypass rule. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el módulo User Protect v5.x anteriores a v5.x-1.4 y v6.x anteriores a v6.x-1.3, módulo para Drupal, permite a atacantes remotos secuestrar la autenticación de los administradores para peticiones que (1) elimine la protección de edición de un usuario y (2) elimine ciertos tipos de reglas de prevención de administración. • http://drupal.org/node/623162 http://drupal.org/node/623180 http://drupal.org/node/623186 http://osvdb.org/59692 http://secunia.com/advisories/37283 http://www.securityfocus.com/bid/36922 https://exchange.xforce.ibmcloud.com/vulnerabilities/54145 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

CVE-2009-3918

https://notcve.org/view.php?id=CVE-2009-3918

Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo de Drupal "Zoomify" v5.x antes de v5.x-2.2 y v6.x antes de v6.x-1.4 permite a atacantes remotos inyectar HTML o scripts weba través del título del nodo. • http://drupal.org/node/623434 http://drupal.org/node/623436 http://drupal.org/node/623678 http://osvdb.org/59671 http://secunia.com/advisories/37263 http://www.securityfocus.com/bid/36930 https://exchange.xforce.ibmcloud.com/vulnerabilities/54155 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2009-3917

https://notcve.org/view.php?id=CVE-2009-3917

Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en el módulo de Drupal "S5 Presentation Player" v6.x-1.x antes de v6.x-1.1, permite a atacantes remotos inyectar HTML o scripts web a través de un campo sin especificar que se copia el elemento HTML HEAD. • http://drupal.org/node/623508 http://osvdb.org/59678 http://secunia.com/advisories/37285 http://www.securityfocus.com/bid/36923 https://exchange.xforce.ibmcloud.com/vulnerabilities/54147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

CVE-2009-3783

https://notcve.org/view.php?id=CVE-2009-3783

Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector. Vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo para Drupal Simplenews Statistics v6.x anteriores a v6.x-2.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del un vector no especificado. • http://drupal.org/node/590098 http://drupal.org/node/611002 http://secunia.com/advisories/37128 http://www.securityfocus.com/bid/36790 https://exchange.xforce.ibmcloud.com/vulnerabilities/53905 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •