CVSS: 8.1EPSS: 0%CPEs: 55EXPL: 0CVE-2010-3093
https://notcve.org/view.php?id=CVE-2010-3093
21 Sep 2010 — The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue. El módulo comentario en Drupal v5.x anterior a v5.23 y v6.x anterior a v6.18 permite a usuarios autenticados remotamente con ciertos privilegios evitar restricciones de acceso pretendidas y restaurar comentarios eliminados a través de una URL manipulada, re... • http://drupal.org/node/880476 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 27EXPL: 0CVE-2010-3094
https://notcve.org/view.php?id=CVE-2010-3094
21 Sep 2010 — Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Drupal v6.x anterior a v6.18 permiten a usuarios autenticados remotamente con ciertos privilegios i... • http://drupal.org/node/880476 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3352
https://notcve.org/view.php?id=CVE-2009-3352
24 Sep 2009 — Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors. Múltiples vulnerabilidades no especificadas en el módulo quota_by_role (Quota by role) de Drupal, tienen impacto y vectores de ataque desconocidos. • http://drupal.org/node/572852 •