CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 0CVE-2008-3219
https://notcve.org/view.php?id=CVE-2008-3219
18 Jul 2008 — The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism. La función filter_xss_admin en versiones de Drupal 5.X anteriores a la 5.8 y 6.X anteriores a la 6.3 no "impide la utilización del objeto etiqueta HTML en la entrada de administrador" lo cual tiene un impacto desconocido y vectores de ata... • http://drupal.org/node/280571 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2008-3220
https://notcve.org/view.php?id=CVE-2008-3220
18 Jul 2008 — Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before 5.8 and 6.x before 6.3 allows remote attackers to perform administrative actions via vectors involving deletion of "translated strings." Vulnerabilidad de Falsificación de petición en sitios cruzados (CSRF) en versiones de Drupal 5.x anteriores a 5.8 y 6.X anteriores a 6.3 permite a atacantes remotos realizar acciones administrativas a través de vectores que impliquen la supresión de "cadenas traducidas". • http://drupal.org/node/280571 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 1%CPEs: 4EXPL: 0CVE-2008-3222
https://notcve.org/view.php?id=CVE-2008-3222
18 Jul 2008 — Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors. Una vulnerabilidad de fijación de sesión en Drupal versiones 5.x anteriores a 5.9 y versiones 6.x anteriores a 6.3, cuando los módulos aportados "terminate the current request during a login event", permite a los atacantes remotos secuestrar sesiones web por medio de vectores desconocidos... • http://drupal.org/node/280571 • CWE-384: Session Fixation •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2008-2998
https://notcve.org/view.php?id=CVE-2008-2998
03 Jul 2008 — Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el módulo Aggregation 5.x versiones anteriores a 5.x-4.4 para Drupal permiten a atacantes remotos inyectar web script o HTML de su elección a través de vectores no especificados. • http://drupal.org/node/269479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2008-2999
https://notcve.org/view.php?id=CVE-2008-2999
03 Jul 2008 — Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en el módulo Aggregation 5.x versiones anteriores a 5.x-4.4 módulo Aggregation permiten a atacantes remotos ejecutar comandos SQL de su elección a través de vectores no especificados. • http://drupal.org/node/269479 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2008-2771
https://notcve.org/view.php?id=CVE-2008-2771
18 Jun 2008 — The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors. El módulo Node Hierarchy 5.x anterior a 5.x-1.1 y 6.x anteriores a 6.x-1.0 para Drupal no implementa adecuadamente los controles de acceso, lo que permite a atacantes remotos con permiso de "acceso al contenido", evitar las restricciones y m... • http://drupal.org/node/269473 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 48EXPL: 0CVE-2008-0272
https://notcve.org/view.php?id=CVE-2008-0272
15 Jan 2008 — Cross-site request forgery (CSRF) vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el módulo aggregator en Drupal 4.7.x anterior a 4.7.11 y 5.x anterior a 5.6 permite a atacantes remotos borrar campos desde un alimentador con privilegios de usuario. • http://drupal.org/node/208562 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 48EXPL: 0CVE-2008-0273
https://notcve.org/view.php?id=CVE-2008-0273
15 Jan 2008 — Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism. Conflicto de interpretación en Drupal 4.7.x anterior a 4.7.11 y 5.x anterior a 5.6, cuando se u... • http://drupal.org/node/208564 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 48EXPL: 0CVE-2008-0276
https://notcve.org/view.php?id=CVE-2008-0276
15 Jan 2008 — Cross-site scripting (XSS) vulnerability in the Devel module before 5.x-0.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via a site variable, related to lack of escaping of the variable table. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en el módulo Devel anterior a 5.x-0.1 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la variable site, Relacionado con la falta de escape de la variable tabla. • http://drupal.org/node/208524 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •