CVSS: 5.4EPSS: 0%CPEs: 36EXPL: 0CVE-2009-3210
https://notcve.org/view.php?id=CVE-2009-3210
16 Sep 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en el módulo Print (también conocido como Printer, versión para e-mail y PDF) v5.x anterior a v5.x-4.8 y v6.x anterior a v6.x-1.8 para Drupal, permite a us... • http://drupal.org/node/554326 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 36EXPL: 0CVE-2009-1823
https://notcve.org/view.php?id=CVE-2009-1823
29 May 2009 — Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.7 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML by modifying a document head, before the Content-Type META element, to contain crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, a related issue to CVE-2009-1575. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Print (t... • http://drupal.org/node/461674 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 34EXPL: 0CVE-2009-1343
https://notcve.org/view.php?id=CVE-2009-1343
20 Apr 2009 — Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.5 and 6.x before 6.x-1.5, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via content titles. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el modulo módulo Print o Printer (en sus variantes e-mail y PDF) en sus versiones 5.x anteriores a 5.x-4.5 y 6.x anteriores a 6.x-1.5 del gestor de contenidos Drupal. Permite a usuarios remotos in... • http://drupal.org/node/434748 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2008-4789
https://notcve.org/view.php?id=CVE-2008-4789
29 Oct 2008 — The validation functionality in the core upload module in Drupal 6.x before 6.5 allows remote authenticated users to bypass intended access restrictions and "attach files to content," related to a "logic error." La funcionalidad de validación del núcleo del módulo de subida en Drupal 6.x anterior a 6.5 permite a un usuario remoto autentificado sobrepasar las restricciones de acceso y "añadir archivos al contenido"; está relacionado con un "error lógico". • http://drupal.org/node/318706 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4790
https://notcve.org/view.php?id=CVE-2008-4790
29 Oct 2008 — The core upload module in Drupal 5.x before 5.11 allows remote authenticated users to bypass intended access restrictions and read "files attached to content" via unknown vectors. El módulo central de subidas de Drupal 5.x Anterior a 5.11 permite a un usuario remoto autentificado sobrepasar las restricciones de acceso y leer "archivos adjuntos al contenido" mediante un método desconocido. • http://drupal.org/node/318706 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4793
https://notcve.org/view.php?id=CVE-2008-4793
29 Oct 2008 — The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules. El API del módulo nodo en Drupal 5.x anterior a 5.11 permite a un atacante remoto evitar la validación del nodo, y tiene otros impactos por medio de ataques desconocidos relacionados con los módulos contribuídos. • http://drupal.org/node/318706 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1978
https://notcve.org/view.php?id=CVE-2008-1978
27 Apr 2008 — Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE-2008-1428. Vulnerabilidad de secuencias de órdenes en sitios cruzados (XSS) en el módulo Ubercart 5.x anteriores a 5.x-1.0 rc3 de Drupal permite a usuarios remotos autenticados inyectar 'script' web o HTML de su elección mediante títulos de nodos relaciona... • http://drupal.org/node/250343 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2008-1980
https://notcve.org/view.php?id=CVE-2008-1980
27 Apr 2008 — Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de órdenes (XSS) en el módulo de Drupal "E-Publish" 5.x anteriores a 5.x-1.1 y 6.x anteriores a 6.x-1.0 beta1, permite a atacantes remotos inyectar 'script' web o HTML de su elección mediante vectores no especificados. • http://drupal.org/node/250408 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 48EXPL: 0CVE-2008-0272
https://notcve.org/view.php?id=CVE-2008-0272
15 Jan 2008 — Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el módulo aggregator en Drupal 4.7.x anterior a 4.7.11 y 5.x anterior a 5.6 permite a atacantes remotos borrar campos desde un alimentador con privilegios de usuario. • http://drupal.org/node/208562 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 48EXPL: 0CVE-2008-0273
https://notcve.org/view.php?id=CVE-2008-0273
15 Jan 2008 — Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism. Conflicto de interpretación en Drupal 4.7.x anterior a 4.7.11 y 5.x anterior a 5.6, cuando se u... • http://drupal.org/node/208564 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •