CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2010-1074
https://notcve.org/view.php?id=CVE-2010-1074
Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Currency Exchange anterior a v6.x-1.2 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, relacionados con la vigilancia de registro (watchdog logging). • http://drupal.org/node/676214 http://drupal.org/node/676216 http://osvdb.org/61587 http://secunia.com/advisories/38121 http://www.securityfocus.com/bid/37649 http://www.vupen.com/english/advisories/2010/0063 https://exchange.xforce.ibmcloud.com/vulnerabilities/55453 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •