CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0CVE-2009-1738
https://notcve.org/view.php?id=CVE-2009-1738
Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in "aggregator items." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Feed Block v6.x-1.x anteriores a v6.x-1.1, un módulo para Drupal, que permite a los usuarios remotos autenticados con permisos de administrador, inyectar arbitrariamente una secuencia de comandos web o HTML a través de vectores no especificados en "aggregator items". • http://drupal.org/node/453098 http://drupal.org/node/461706 http://secunia.com/advisories/35044 http://www.osvdb.org/54429 http://www.securityfocus.com/bid/34953 http://www.vupen.com/english/advisories/2009/1319 https://exchange.xforce.ibmcloud.com/vulnerabilities/50521 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •