1 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

Cross-site scripting (XSS) vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter. Una vulnerabilidad de ejecución de comandos en sitios cruzados(XSS) en el módulo 'Flag Content' v5.x-2.x antes de v5.x-2.10 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro 'Reason'. • http://drupal.org/node/610868 http://drupal.org/node/610870 http://osvdb.org/59119 http://secunia.com/advisories/37124 http://www.securityfocus.com/bid/36785 http://www.vupen.com/english/advisories/2009/2999 https://exchange.xforce.ibmcloud.com/vulnerabilities/53900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •