1 results (0.003 seconds)
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2007-5621
https://notcve.org/view.php?id=CVE-2007-5621
22 Oct 2007 — Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a post comments privilege to inject arbitrary web script or HTML via unspecified vectors related to (1) comments, (2) vocabulary names, (3) term names, and (4) usernames. Múltiples vulnerabilidades de secuencias de ... • http://drupal.org/node/184336 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •