CVSS: 3.5EPSS: 0%CPEs: 27EXPL: 0CVE-2009-2610
https://notcve.org/view.php?id=CVE-2009-2610
Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Links Related en Links Package v5.x anteriores a v5.x-1.13 y v6.x anteioriores a v6.x-1.2, un módulo para Drupal, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elección mediante el campo "title". • http://drupal.org/node/501356 http://drupal.org/node/501360 http://drupal.org/node/502112 http://osvdb.org/55326 http://secunia.com/advisories/35557 http://www.securityfocus.com/bid/35491 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •