CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3917
https://notcve.org/view.php?id=CVE-2009-3917
Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en el módulo de Drupal "S5 Presentation Player" v6.x-1.x antes de v6.x-1.1, permite a atacantes remotos inyectar HTML o scripts web a través de un campo sin especificar que se copia el elemento HTML HEAD. • http://drupal.org/node/623508 http://osvdb.org/59678 http://secunia.com/advisories/37285 http://www.securityfocus.com/bid/36923 https://exchange.xforce.ibmcloud.com/vulnerabilities/54147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •