CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2009-5096
https://notcve.org/view.php?id=CVE-2009-5096
13 Sep 2011 — Cross-site scripting (XSS) vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter. Una vulnerabilidad de ejecución de comandos en sitios cruzados(XSS) en el módulo 'Flag Content' v5.x-2.x antes de v5.x-2.10 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro 'Reason'. • http://drupal.org/node/610868 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2010-4775
https://notcve.org/view.php?id=CVE-2010-4775
23 Mar 2011 — The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 for Drupal does not properly implement node access logic, which allows remote attackers to discover restricted node titles and relationships. El módulo Relevant Content v5.x anteriores a v5.x-1.4 y v6.x anteriores a v6.x-1.5 para Drupal no aplica adecuadamente la lógica de acceso a nodo, lo que permite a atacantes remotos a descubrir títulos de nodos restringidos y relaciones. • http://drupal.org/node/974668 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 47EXPL: 0CVE-2010-4519
https://notcve.org/view.php?id=CVE-2010-4519
23 Dec 2010 — Multiple cross-site request forgery (CSRF) vulnerabilities in the Views UI implementation in the Views module 5.x before 5.x-1.8 and 6.x before 6.x-2.11 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable all Views or (2) disable all Views. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la implementación de Views UI en el módulo Views v5.x anterior v5.x-1.8 y v6.x anterior v6.x-2.11 para Drupal permite a atacantes re... • http://drupal.org/node/829840 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 0%CPEs: 32EXPL: 0CVE-2010-3685
https://notcve.org/view.php?id=CVE-2010-3685
29 Sep 2010 — The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not checking for reuse of openid.response_nonce values, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. El módulo de OpenID en Drupal v6.x antes de v6.18, y el módulo de OpenID v5.x antes de v5.x-1.4 para Drupal, viola el protocolo OpenID v2.0, al no comprobar la reutilización de los valores openid.response_nonce, lo ... • http://drupal.org/node/880476 • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 0%CPEs: 32EXPL: 0CVE-2010-3686
https://notcve.org/view.php?id=CVE-2010-3686
29 Sep 2010 — The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not ensuring that fields are signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. El módulo de OpenID en Drupal v6.x antes de v6.18, y el módulo de OpenID v5.x antes de v5.x-1.4 para Drupal, viola el protocolo OpenID v2.0, al no garantizar que los campos están firmados, lo cual permite a atacantes remotos evitar la... • http://drupal.org/node/880476 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 32EXPL: 0CVE-2010-3091
https://notcve.org/view.php?id=CVE-2010-3091
29 Sep 2010 — The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x before 5.x-1.4 for Drupal, violates the OpenID 2.0 protocol by not verifying the openid.return_to value, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. El módulo OpenID en Drupal v6.x anterior a v6.18, y el módulo OpenID v5.x anterior a v5.x-1.4 para Drupal, viola el protocolo OpenID v2.0, al no verificar el valor openid.return_to, lo cual permite a atacantes remotos evitar la a... • http://drupal.org/node/880476 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 55EXPL: 0CVE-2010-3092
https://notcve.org/view.php?id=CVE-2010-3092
21 Sep 2010 — The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name. El módulo de carga en Drupal v5.x anterior a v5.23 y v6.x anterior a v6.18 no soporta apropiadamente la manipulación de nombres de archivos insensibles a mayúsculas y minúsculas en la configuración de la base ... • http://drupal.org/node/880476 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 55EXPL: 0CVE-2010-3093
https://notcve.org/view.php?id=CVE-2010-3093
21 Sep 2010 — The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue. El módulo comentario en Drupal v5.x anterior a v5.23 y v6.x anterior a v6.18 permite a usuarios autenticados remotamente con ciertos privilegios evitar restricciones de acceso pretendidas y restaurar comentarios eliminados a través de una URL manipulada, re... • http://drupal.org/node/880476 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2009-4990
https://notcve.org/view.php?id=CVE-2009-4990
25 Aug 2010 — Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en el módulo WebForm v5.x y v6.x para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del envío de un formulario. • http://drupal.org/node/540980 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 33EXPL: 0CVE-2010-2724
https://notcve.org/view.php?id=CVE-2010-2724
13 Jul 2010 — Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchical_select form. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Hierarchical Select 5.x en versiones anteriores a la 5.x-3.2 y 6.x en versiones anteriores a la 6.x-3.2 para Drupal, permite a atacantes... • http://drupal.org/node/847488 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •