CVE-2010-1998
https://notcve.org/view.php?id=CVE-2010-1998
Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo CCK TableField v6.x anteriores a v6.x-1.2 para Drupal permite a usarios autenticados en remoto con ciertos privilegios de creación o edición de nodo inyectar código web o HTML a través de las cabeceras de tabla • http://drupal.org/node/790364 http://drupal.org/node/790998 http://secunia.com/advisories/39644 http://www.osvdb.org/64358 http://www.securityfocus.com/bid/39954 http://www.vupen.com/english/advisories/2010/1080 https://exchange.xforce.ibmcloud.com/vulnerabilities/58353 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-2002
https://notcve.org/view.php?id=CVE-2010-2002
Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word list. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Wordfilter v5.x anteriores a v5.x-1.1 y 6.x anteriores v6.x-1.1 para Drupal permite a usuarios autenticados en remoto, con privilegios "administer words filtered", inyectar código web o HTML a través de una lista de palabras. • http://drupal.org/node/796618 http://drupal.org/node/796620 http://drupal.org/node/797208 http://secunia.com/advisories/39811 http://www.securityfocus.com/bid/40119 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-2001
https://notcve.org/view.php?id=CVE-2010-2001
Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo CiviRegister en anteriores a v6.x-1.1 para Drupal permite a atacantes remotos inyectar código web o HTML a través de URI • http://drupal.org/node/797342 http://drupal.org/node/797352 http://secunia.com/advisories/39806 http://www.securityfocus.com/bid/40130 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-2000
https://notcve.org/view.php?id=CVE-2010-2000
Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1358. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Bibliography (Biblio) módulo v5.x hasta v5.x-1.17 y v6.x hasta v6.x-1.9 para Drupal permite a usuarios autenticados en remoto con privilegios "administer biblio" inyectar código web o HTML a través de vectores sin especificar, diferente a la vulnerabilidad CVE-2010-1358 • http://drupal.org/node/796498 http://drupal.org/node/796502 http://drupal.org/node/797192 http://secunia.com/advisories/39810 http://www.securityfocus.com/bid/40127 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-1984
https://notcve.org/view.php?id=CVE-2010-1984
Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the taxonomy term name in a Breadcrumb display. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Taxonomy Breadcrumb v5.x anterior a v5.x-1.5 y v6.x anterior a v6.x-1.1 para Drupal, permite a usuarios autenticados en remoto con permisos de administrador de "taxonomy", inyectar secuencias de comandos Web o HTML a través del nombre del término taxonomy en una visualización de Breadcrumb. • http://drupal.org/node/757974 http://drupal.org/node/757980 http://drupal.org/node/758456 http://osvdb.org/63424 http://secunia.com/advisories/39138 https://exchange.xforce.ibmcloud.com/vulnerabilities/57446 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •