CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2009-4061
https://notcve.org/view.php?id=CVE-2009-4061
24 Nov 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the Agreement module 6.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en el módulo de Drupal "Agreement" v6.x antes de v6.x-1.2 permite a atacantes remotos inyectar HTML o scripts web a través de vectores no especificados. • http://drupal.org/node/631538 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2009-4062
https://notcve.org/view.php?id=CVE-2009-4062
24 Nov 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el módulo de Drupal "Printfriendly" v6.x antes de v6.x-1.6 permiten a atacantes remotos inyectar HTML o scripts web a través de vectores no especificados. • http://drupal.org/node/636670 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2009-4064
https://notcve.org/view.php?id=CVE-2009-4064
24 Nov 2009 — Cross-site scripting (XSS) vulnerability in the Gallery Assist module 6.x before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via node titles. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Gallery Assist v6.x anteriores a la v6.x-1.7 de Drupal permite a usuarios remotos inyectar codigo de script web o código HTML a través de "node titles" (títulos de nodo). • http://drupal.org/node/636488 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 0CVE-2009-3915
https://notcve.org/view.php?id=CVE-2009-3915
09 Nov 2009 — Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field. Una vulnerabilidad de ejecución de secuencias de comandos en el formateador de separación de título y URL del módulo de Drupal "Link" v5.x antes de v5.x-2.6 y v6.x antes de v6.x-2.7, permite a atacantes remotos inyectar HTML o scripts web a través del campo... • http://drupal.org/node/620662 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2009-3916
https://notcve.org/view.php?id=CVE-2009-3916
09 Nov 2009 — Cross-site scripting (XSS) vulnerability in the Node Hierarchy module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a child node title. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el modulo de Drupal "Node Hierarchy" v5.x antes de v5.x-1.3 y v6.x antes de v6.x-1.3, permite a atacantes remotos inyectar HTML o scripts web a través de un título de nodo hijo. • http://drupal.org/node/622092 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3917
https://notcve.org/view.php?id=CVE-2009-3917
09 Nov 2009 — Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en el módulo de Drupal "S5 Presentation Player" v6.x-1.x antes de v6.x-1.1, permite a atacantes remotos inyectar HTML o scripts web a través de un campo sin especificar que se copia el elemento ... • http://drupal.org/node/623508 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2009-3918
https://notcve.org/view.php?id=CVE-2009-3918
09 Nov 2009 — Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo de Drupal "Zoomify" v5.x antes de v5.x-2.2 y v6.x antes de v6.x-1.4 permite a atacantes remotos inyectar HTML o scripts weba través del título del nodo. • http://drupal.org/node/623434 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2009-3921
https://notcve.org/view.php?id=CVE-2009-3921
09 Nov 2009 — The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-rc3, a module for Drupal, does not verify group-node privileges in certain circumstances involving subqueue creation, which allows remote authenticated users to discover arbitrary organic group names by reading confirmation messages. El módulo Smartqueue_og v5.x anteriores a v5.x-1.3 y v6.x anteriores a6.x-1.0-rc3, módulo para Drupal, en ciertas circunstancias no verifica los privilegios del nodo de grupo, implicando la creación de una sub-c... • http://drupal.org/node/617496 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2009-3922
https://notcve.org/view.php?id=CVE-2009-3922
09 Nov 2009 — Multiple cross-site request forgery (CSRF) vulnerabilities in the User Protect module 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allow remote attackers to hijack the authentication of administrators for requests that (1) delete the editing protection of a user or (2) delete a certain type of administrative-bypass rule. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el módulo User Protect v5.x anteriores a v5.x-1.4 y v6.x anteriores a v6.x-1.3, módul... • http://drupal.org/node/623162 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2009-3779
https://notcve.org/view.php?id=CVE-2009-3779
26 Oct 2009 — Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo para Drupal vCard v5.x anteriores a v5.x-1.4 y v6.x anteriores a v6.x-1.3, permite a atacantes remotos inyectar secuencias ... • http://drupal.org/node/610416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •