CVSS: 8.8EPSS: 0%CPEs: 47EXPL: 0CVE-2010-4519
https://notcve.org/view.php?id=CVE-2010-4519
23 Dec 2010 — Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la implementación de Views UI en el módulo Views v5.x anterior v5.x-1.8 y v6.x anterior v6.x-2.11 para Drupal permite a atacantes re... • http://drupal.org/node/829840 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 31EXPL: 0CVE-2010-4520
https://notcve.org/view.php?id=CVE-2010-4520
23 Dec 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el módulo Views v6.x anterior v6.x-2.11 para Drupal permite a atacantes remotos inyectar código web o HTML de su elección a través del título (1) una URL o (2)un título aggregator • http://drupal.org/node/829840 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 32EXPL: 0CVE-2010-4521
https://notcve.org/view.php?id=CVE-2010-4521
23 Dec 2010 — Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Views v6.x anterior v6.x-2.12 para Drupal permite a atacantes remotos inyectar código web y HTML de su elección a través de la ruta de página. • http://drupal.org/node/999380 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2009-2237
https://notcve.org/view.php?id=CVE-2009-2237
27 Jun 2009 — Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, probably related to registered procedures (aka actions). Vulnerabilidad no especificada en Views Bulk Operations 5.x-1.x antes de 5.x-1.4 y 6.x-1.x ante de 6.x-1.7, un modulo para Drupal, permite a atacantes remotos evitar las restricciones de acceso previstas y mod... • http://drupal.org/node/468450 •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 1CVE-2009-2076
https://notcve.org/view.php?id=CVE-2009-2076
16 Jun 2009 — Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Views v6.x anteriores a v6.x-2.6, un modulo de Drupal, permite a... • http://drupal.org/node/488068 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2009-2077
https://notcve.org/view.php?id=CVE-2009-2077
16 Jun 2009 — Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries. Drupal v6.x anteriores a v6.x-2.6, un modulo de Drupal, permite a usuarios autenticados evitar las restricciones de acceso y (1) leer contenido sin publicar de usuarios anónimos cuando una vista esta configurada para mostrar contenido, y... • http://drupal.org/node/488068 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2009-0575
https://notcve.org/view.php?id=CVE-2009-0575
13 Feb 2009 — Cross-site scripting (XSS) vulnerability in the theme_views_bulk_operations_confirmation function in views_bulk_operations.module in Views Bulk Operations 5.x before 5.x-1.3 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to node titles. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función theme_views_bulk_operations_con... • http://drupal.org/node/369223 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2008-6020
https://notcve.org/view.php?id=CVE-2008-6020
02 Feb 2009 — SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields." Vulnerabilidad de inyección SQL en el módulo Views del gestor de contenidos Drupal en las versiones v6.x anteriores a la v6.x-2.2. Permite a los usuarios remotos ejecutar código arbitrario SQL a través de vectores de ataque desconocidos relacionados con un filtro vulnerable en los campos de texto CCK... • http://drupal.org/node/347831 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •