CVSS: 5.4EPSS: 0%CPEs: 34EXPL: 0CVE-2010-1958
https://notcve.org/view.php?id=CVE-2010-1958
21 Jun 2010 — Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter). Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo FileField v5.x anteriores a v5.x-2.5 y v6.x anteriores a v6.x-3.4 para Drupal. Permite a usuarios remotos autenticad... • http://drupal.org/node/829808 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2010-2352
https://notcve.org/view.php?id=CVE-2010-2352
21 Jun 2010 — The Node Reference module in Content Construction Kit (CCK) module 5.x before 5.x-1.11 and 6.x before 6.x-2.7 for Drupal does not perform access checks before displaying referenced nodes, which allows remote attackers to read controlled nodes. El módulo "Node Reference" (referencia de nodo) en el módulo "Content Construction Kit" (CCK o kit de construcción de contenido) v5.x en versiones anteriores a la v5.x-1.11 y v6.x en versiones anteriores a la v6.x-2.7 para Drupal no realiza comprobaciones de acceso an... • http://drupal.org/node/829566 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 51EXPL: 0CVE-2010-2158
https://notcve.org/view.php?id=CVE-2010-2158
07 Jun 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Multiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS)... • http://drupal.org/node/803770 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 51EXPL: 1CVE-2010-2123
https://notcve.org/view.php?id=CVE-2010-2123
01 Jun 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) city, (4) provstate (aka state), (5) phone, or (6) taxid parameter in a stormorganization action to index.php; the (7) name parameter in a stormperson action to index.php; the (8) stepno (aka Step no.) or (9) title parameter in a stormtask action to index.p... • http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 27EXPL: 0CVE-2010-2125
https://notcve.org/view.php?id=CVE-2010-2125
01 Jun 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute. Multiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Rotor Banner v5.x anterior a v5.x-1.8 y v6.x anterior a v6.x-2.5 para Drupal permite ... • http://drupal.org/node/803930 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2010-2030
https://notcve.org/view.php?id=CVE-2010-2030
24 May 2010 — Cross-site scripting (XSS) vulnerability in the External Link Page module 5.x before 5.x-1.0 and 6.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the administration and redirect pages. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo External Link Page v5.x en versiones anteriores a la v5.x-1.0 y v6.x en versiones anteriores a la v6.x-1.2 de Drupal. Permite a atacantes remotos inyectar codigo de script web o cód... • http://drupal.org/node/803766 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 34EXPL: 0CVE-2010-2000
https://notcve.org/view.php?id=CVE-2010-2000
20 May 2010 — Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1358. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Bibliography (Biblio) módulo v5.x hasta v5.x-1.17 y v6.x hasta v6.x-1.9 para Drupal permite a usuarios autenticados en remoto co... • http://drupal.org/node/796498 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2010-2002
https://notcve.org/view.php?id=CVE-2010-2002
20 May 2010 — Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word list. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Wordfilter v5.x anteriores a v5.x-1.1 y 6.x anteriores v6.x-1.1 para Drupal permite a usuarios autenticados en remoto, con privilegios "administer words filtered", inyectar cód... • http://drupal.org/node/796618 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2010-1984
https://notcve.org/view.php?id=CVE-2010-1984
19 May 2010 — Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the taxonomy term name in a Breadcrumb display. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Taxonomy Breadcrumb v5.x anterior a v5.x-1.5 y v6.x anterior a v6.x-1.1 para Drupal, permite a usuarios autenticados en remoto con permisos d... • http://drupal.org/node/757974 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 31EXPL: 0CVE-2010-1536
https://notcve.org/view.php?id=CVE-2010-1536
26 Apr 2010 — Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo AddThis Button v5.x anterior a v5.x-2.2 y v6.x anterior a v6.x-2.9 para Drupal permite a usuarios autenticados en remoto con privilegios de administrar addthis, inyectar secue... • http://drupal.org/node/731568 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •