CVSS: 4.3EPSS: 0%CPEs: 41EXPL: 0CVE-2009-4207
https://notcve.org/view.php?id=CVE-2009-4207
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.7 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a submission. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Webform versiones v5.x anteriores a v5.x-2.7 y v6.x anteriores a v6.x-2.7, un módulo para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante un envío de formulario. • http://drupal.org/node/481258 http://drupal.org/node/481260 http://drupal.org/node/481268 http://secunia.com/advisories/35339 http://www.securityfocus.com/bid/35197 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2009-4119
https://notcve.org/view.php?id=CVE-2009-4119
Cross-site scripting (XSS) vulnerability in Feed Element Mapper module 5.x before 5.x-1.3, 6.x before 6.x-1.3, and 6.x-2.0-alpha before 6.x-2.0-alpha4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Feed Element Mapper v5.x anteriores a v5.x-1.3, v6.x anteriores a v6.x-1.3, y v6.x-2.0-alpha anteriores a v6.x-2.0-alpha4 de Drupal permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de vectores de ataque sin especificar. • http://drupal.org/node/636496 http://drupal.org/node/636498 http://drupal.org/node/636518 http://osvdb.org/60288 http://secunia.com/advisories/37439 http://www.securityfocus.com/bid/37060 https://exchange.xforce.ibmcloud.com/vulnerabilities/54338 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2009-4066
https://notcve.org/view.php?id=CVE-2009-4066
Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados(CSRF) en el apartado "My Account" (mi cuenta) del módulo PHPList Integration v5 anteriores a v5.x-1.2 y v6 anteriores a v6.x-1.1 de Drupal. Permiten a atacantes remotos secuestrar las credenciales de autenticación de usuarios de su elección a través de vectores de ataque relacionados con (1) la suscripción (2) o desinscripción de las listas de correo. • http://drupal.org/node/636398 http://drupal.org/node/636400 http://drupal.org/node/636412 http://osvdb.org/60283 http://secunia.com/advisories/37434 http://www.securityfocus.com/bid/37054 https://exchange.xforce.ibmcloud.com/vulnerabilities/54336 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2009-4061
https://notcve.org/view.php?id=CVE-2009-4061
Multiple cross-site scripting (XSS) vulnerabilities in the Agreement module 6.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en el módulo de Drupal "Agreement" v6.x antes de v6.x-1.2 permite a atacantes remotos inyectar HTML o scripts web a través de vectores no especificados. • http://drupal.org/node/631538 http://drupal.org/node/636568 http://osvdb.org/60274 http://secunia.com/advisories/37437 http://www.securityfocus.com/bid/37057 https://exchange.xforce.ibmcloud.com/vulnerabilities/54342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2009-4062
https://notcve.org/view.php?id=CVE-2009-4062
Multiple cross-site scripting (XSS) vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el módulo de Drupal "Printfriendly" v6.x antes de v6.x-1.6 permiten a atacantes remotos inyectar HTML o scripts web a través de vectores no especificados. • http://drupal.org/node/636670 http://drupal.org/node/636678 http://osvdb.org/60281 http://secunia.com/advisories/37441 http://www.securityfocus.com/bid/37059 https://exchange.xforce.ibmcloud.com/vulnerabilities/54348 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •