CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2009-4065
https://notcve.org/view.php?id=CVE-2009-4065
Cross-site scripting (XSS) vulnerability in the settings page in the Strongarm module 6.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the value field when viewing overridden variables. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la página de configuración del módulo Strongarm module v6.x anteriores a v6.x-1.1 de Drupal. Permite a usuarios remotos inyectar codigo de script web o código HTML a través de el campo "value" (valor) cuando se visualizan variables sobreescritas. • http://drupal.org/node/636462 http://drupal.org/node/636474 http://osvdb.org/60284 http://secunia.com/advisories/37436 http://www.securityfocus.com/bid/37055 https://exchange.xforce.ibmcloud.com/vulnerabilities/54337 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2009-4064
https://notcve.org/view.php?id=CVE-2009-4064
Cross-site scripting (XSS) vulnerability in the Gallery Assist module 6.x before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via node titles. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Gallery Assist v6.x anteriores a la v6.x-1.7 de Drupal permite a usuarios remotos inyectar codigo de script web o código HTML a través de "node titles" (títulos de nodo). • http://drupal.org/node/636488 http://drupal.org/node/636660 http://osvdb.org/60270 http://secunia.com/advisories/37425 http://www.securityfocus.com/bid/37061 https://exchange.xforce.ibmcloud.com/vulnerabilities/54347 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-4044
https://notcve.org/view.php?id=CVE-2009-4044
The Web Services module 6.x for Drupal does not perform the expected access control, which allows remote attackers to make unspecified use of an API via unknown vectors. El módulo "Web Services" v6.x de Drupal no realiza correctamente el control de acceso, lo que permite a atacantes remotos para hacer un uso no especificado de una API a través de vectores desconocidos. • http://drupal.org/node/630244 http://www.securityfocus.com/bid/37000 http://www.vupen.com/english/advisories/2009/3218 https://exchange.xforce.ibmcloud.com/vulnerabilities/54249 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2009-4042
https://notcve.org/view.php?id=CVE-2009-4042
Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x before 6.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el tema de Drupal "RootCandy" v6.x antes de v6.x-1.5 permite a atacantes remotos inyectar HTML o scripts web a través de la URI. • http://drupal.org/node/629894 http://drupal.org/node/630168 http://osvdb.org/59914 http://secunia.com/advisories/37334 http://www.securityfocus.com/bid/36998 http://www.vupen.com/english/advisories/2009/3210 https://exchange.xforce.ibmcloud.com/vulnerabilities/54245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0CVE-2009-4043
https://notcve.org/view.php?id=CVE-2009-4043
Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x before 5.x-2.4 and 6.x before 6.x-2.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via a node title. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzado (XSS) en el módulo de Drupal "AddToAny" v5.x antes de v5.x-2.4 y v6.x antes de v6.x-2.4 permite a atacantes remotos inyectar HTML o scripts web a través del título de un nodo. • http://drupal.org/node/601110 http://drupal.org/node/630198 http://drupal.org/node/630208 http://osvdb.org/59913 http://secunia.com/advisories/37353 http://www.securityfocus.com/bid/36999 http://www.vupen.com/english/advisories/2009/3211 https://exchange.xforce.ibmcloud.com/vulnerabilities/54247 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •