CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2009-4063
https://notcve.org/view.php?id=CVE-2009-4063
Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Subgroups for Organic Groups (OG) v5.x anteriores a la v5.x-4.0 y v5.x anteriores a la v5.x-3.4 de Drupal. Permite a atacantes remotos inyectar codigo de script web o código HTML a través de los títulos de nodo. • http://drupal.org/node/630004 http://drupal.org/node/636562 http://osvdb.org/60287 http://secunia.com/advisories/37438 http://www.securityfocus.com/bid/37056 https://exchange.xforce.ibmcloud.com/vulnerabilities/54341 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •