CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2009-3920
https://notcve.org/view.php?id=CVE-2009-3920
An administration page in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal does not perform the expected access control, which allows remote attackers to read log information via unspecified vectors. Una página de administración del módulo de integración de Drupal NGP COO/CWP v6.x (crmngp) antes de v6.x-1.12 no realiza el control de acceso esperado, lo que permite leer a atacantes remotos la información de registro a través de vectores no especificados. • http://drupal.org/node/623506 http://drupal.org/node/623546 http://osvdb.org/59677 http://secunia.com/advisories/37287 http://www.securityfocus.com/bid/36927 https://exchange.xforce.ibmcloud.com/vulnerabilities/54153 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3917
https://notcve.org/view.php?id=CVE-2009-3917
Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en el módulo de Drupal "S5 Presentation Player" v6.x-1.x antes de v6.x-1.1, permite a atacantes remotos inyectar HTML o scripts web a través de un campo sin especificar que se copia el elemento HTML HEAD. • http://drupal.org/node/623508 http://osvdb.org/59678 http://secunia.com/advisories/37285 http://www.securityfocus.com/bid/36923 https://exchange.xforce.ibmcloud.com/vulnerabilities/54147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2009-3919
https://notcve.org/view.php?id=CVE-2009-3919
Cross-site scripting (XSS) vulnerability in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied information." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo para Drupal NGP COO/CWP Integration (crmngp) v6.x anterior a v6.x-1.12, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de informaión dada por el usuario no especificada. • http://drupal.org/node/623506 http://drupal.org/node/623546 http://osvdb.org/59676 http://secunia.com/advisories/37287 http://www.securityfocus.com/bid/36927 https://exchange.xforce.ibmcloud.com/vulnerabilities/54151 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2009-3783
https://notcve.org/view.php?id=CVE-2009-3783
Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vector. Vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo para Drupal Simplenews Statistics v6.x anteriores a v6.x-2.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del un vector no especificado. • http://drupal.org/node/590098 http://drupal.org/node/611002 http://secunia.com/advisories/37128 http://www.securityfocus.com/bid/36790 https://exchange.xforce.ibmcloud.com/vulnerabilities/53905 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3782
https://notcve.org/view.php?id=CVE-2009-3782
Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors. Vulnerabilidad no especificada en el módulo para drupal Userpoints v6.x anteriores a 6.x-1.1, permite a usuarios remotos autenticado, con permisos "View own userpoints", leer los datos de puntos de usuario de usuarios de su elección a través de vectores de ataque desconocidos. • http://drupal.org/node/610818 http://drupal.org/node/610828 http://osvdb.org/59124 http://secunia.com/advisories/37123 http://www.securityfocus.com/bid/36786 http://www.vupen.com/english/advisories/2009/2998 https://exchange.xforce.ibmcloud.com/vulnerabilities/53896 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •