CVE-2009-2373
https://notcve.org/view.php?id=CVE-2009-2373
Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://drupal.org/node/507572 http://osvdb.org/55524 http://secunia.com/advisories/35681
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2370
https://notcve.org/view.php?id=CVE-2009-2370
Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://drupal.org/node/507526 http://drupal.org/node/507550 http://drupal.org/node/507580 http://osvdb.org/55521 http://secunia.com/advisories/35678 http://secunia.com/advisories/35682 http://www.vupen.com/english/advisories/2009/1769
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2374
https://notcve.org/view.php?id=CVE-2009-2374
Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be read from (1) the HTTP referer header of external web sites that are visited from those links or (2) when page caching is enabled, the Drupal page cache.
• http://drupal.org/node/507572 http://osvdb.org/55524 http://secunia.com/advisories/35657 http://secunia.com/advisories/35681
• CWE-255: Credentials Management Errors
CVE-2009-2237
https://notcve.org/view.php?id=CVE-2009-2237
Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, probably related to registered procedures (aka actions).
• http://drupal.org/node/468450 http://secunia.com/advisories/35117 http://www.securityfocus.com/bid/35051 https://exchange.xforce.ibmcloud.com/vulnerabilities/50659
CVE-2008-6835
https://notcve.org/view.php?id=CVE-2008-6835
Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://drupal.org/node/280592 http://drupal.org/node/280593 http://osvdb.org/46938 http://secunia.com/advisories/31027 http://www.securityfocus.com/bid/30165
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')