CVE-2010-1976
https://notcve.org/view.php?id=CVE-2010-1976
Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb display. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Taxonomy Breadcrumb v6.x anteriores a v6.x-1.1 para Drupal, permite a usuarios autenticados remotamente, con permisos para administrar taxonomy, inyectar código web o HTML de su elección a través del nodo "title" en una visualización de Breadcrumb. • http://drupal.org/node/757974 http://drupal.org/node/757980 http://drupal.org/node/758456 http://osvdb.org/63424 http://secunia.com/advisories/39138 https://exchange.xforce.ibmcloud.com/vulnerabilities/57446 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-1584 – Drupal 6.16 With Context 6.x-2.0-rc3 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2010-1584
Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Context anterior a v6.x-2.0-rc4 para Drupal permite a usuarios autenticados remotamente, con privilegios "Administer Blocks", inyectar código web o HTML a través de una descripción "block". Drupal version 6.16 with Context 6.x-2.0-rc3 suffers from a cross site scripting vulnerability. • http://crackingdrupal.com/blog/greggles/mitigation-against-cve-2010-1584-drupal-context-module-xss http://drupal.org/cvs?commit=365210 http://drupal.org/node/794718 http://drupal.org/node/795118 http://www.madirish.net/?article=457 http://www.packetstormsecurity.com/1005-exploits/drupalab-xss.txt http://www.securityfocus.com/bid/40056 http://www.theregister.co.uk/2010/05/10/drupal_security_bug https://exchange.xforce.ibmcloud.com/vulnerabilities/58521 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-4829
https://notcve.org/view.php?id=CVE-2009-4829
Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Automated Logout v6.x-1.x anterior v6.x-1.7 y v6.x-2.x anterior v6.x-2.3 para Drupal permite a usuarios autenticarse remotamente con privilegios de autologueo de administrador, el inyectar código web o HMTL de su elección a través de vectores no especificados. • http://drupal.org/node/667084 http://drupal.org/node/667086 http://drupal.org/node/667094 http://osvdb.org/61295 http://secunia.com/advisories/37878 http://www.securityfocus.com/bid/37462 http://www.vupen.com/english/advisories/2009/3633 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-1539
https://notcve.org/view.php?id=CVE-2010-1539
Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Workflow 5.x-2.x en versiones anteriores a la 5.x-2.6 y 6.x-1.x en versiones anteriores a la 6.x-1.4 para Drupal, cuando se usa con el módulo Token, puede permitir a atacantes remotos autenticados inyectar secuencias de comandos web o HTML de su elección a través de un campo "Comment" determinado. • http://drupal.org/node/731624 http://drupal.org/node/731644 http://drupal.org/node/731648 http://secunia.com/advisories/38825 http://www.securityfocus.com/bid/38520 https://exchange.xforce.ibmcloud.com/vulnerabilities/56638 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-1536
https://notcve.org/view.php?id=CVE-2010-1536
Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo AddThis Button v5.x anterior a v5.x-2.2 y v6.x anterior a v6.x-2.9 para Drupal permite a usuarios autenticados en remoto con privilegios de administrar addthis, inyectar secuencias de comandos Web o HTML mediante vectores no especificados • http://drupal.org/node/731568 http://drupal.org/node/731576 http://drupal.org/node/731578 http://secunia.com/advisories/38818 http://www.securityfocus.com/bid/38513 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •