CVE-2010-1539
https://notcve.org/view.php?id=CVE-2010-1539
Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Workflow 5.x-2.x en versiones anteriores a la 5.x-2.6 y 6.x-1.x en versiones anteriores a la 6.x-1.4 para Drupal, cuando se usa con el módulo Token, puede permitir a atacantes remotos autenticados inyectar secuencias de comandos web o HTML de su elección a través de un campo "Comment" determinado. • http://drupal.org/node/731624 http://drupal.org/node/731644 http://drupal.org/node/731648 http://secunia.com/advisories/38825 http://www.securityfocus.com/bid/38520 https://exchange.xforce.ibmcloud.com/vulnerabilities/56638 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-4513
https://notcve.org/view.php?id=CVE-2009-4513
Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a (1) workflow or (2) workflow state. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo para Drupal Workflow v5.x anteriores a v5.x-2.4 y v6.x anteriores a v6.x-1.2, permite a atacantes remotos autenticados con privilegios "administer Workflow", inyectar secuencias de comandos web o HTML a través del nombre de un (1) Workflow o (2) estado de Workflow. • http://drupal.org/node/612832 http://drupal.org/node/612834 http://drupal.org/node/617456 http://secunia.com/advisories/37203 http://www.securityfocus.com/bid/36878 http://www.vupen.com/english/advisories/2009/3089 https://exchange.xforce.ibmcloud.com/vulnerabilities/54028 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-0463
https://notcve.org/view.php?id=CVE-2008-0463
Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Workflow para Drupal, en versiones 4.7.x anteriores a 4.7.x-1.2 y 5.x anteriores a 5.x-1.2, permite que atacantes remotos inyecten, a su elección, código web o HTML usando vectores relacionados con las propiedades nodo. • http://drupal.org/node/213473 http://secunia.com/advisories/28633 http://www.securityfocus.com/bid/27444 http://www.vupen.com/english/advisories/2008/0279 https://exchange.xforce.ibmcloud.com/vulnerabilities/39896 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •