Логотип exploitDog
product: "drupal"
Консоль
Логотип exploitDog

exploitDog

product: "drupal"

Количество 1 975

Количество 1 975

nvd логотип

CVE-2009-2371

около 16 лет назад

Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.

CVSS2: 6.5
EPSS: Низкий
nvd логотип

CVE-2009-2370

около 16 лет назад

Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2009-2291

около 16 лет назад

Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2009-2237

около 16 лет назад

Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, probably related to registered procedures (aka actions).

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2009-2083

около 16 лет назад

Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."

CVSS2: 3.5
EPSS: Низкий
nvd логотип

CVE-2009-2079

около 16 лет назад

Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via (1) vocabulary names, (2) synonyms, and (3) term names.

CVSS2: 3.5
EPSS: Низкий
nvd логотип

CVE-2009-2078

около 16 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) node title and (2) node body in a tree root page.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2009-2077

около 16 лет назад

Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries.

CVSS2: 4
EPSS: Низкий
debian логотип

CVE-2009-2077

около 16 лет назад

Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenti ...

CVSS2: 4
EPSS: Низкий
nvd логотип

CVE-2009-2076

около 16 лет назад

Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions.

CVSS2: 3.5
EPSS: Низкий
debian логотип

CVE-2009-2076

около 16 лет назад

Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, ...

CVSS2: 3.5
EPSS: Низкий
nvd логотип

CVE-2009-2075

около 16 лет назад

Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2009-2074

около 16 лет назад

Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names.

CVSS2: 3.5
EPSS: Низкий
nvd логотип

CVE-2009-1823

около 16 лет назад

Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.7 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML by modifying a document head, before the Content-Type META element, to contain crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, a related issue to CVE-2009-1575.

CVSS2: 2.6
EPSS: Низкий
nvd логотип

CVE-2009-1738

около 16 лет назад

Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in "aggregator items."

CVSS2: 3.5
EPSS: Низкий
nvd логотип

CVE-2009-1507

больше 16 лет назад

The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2009-1505

больше 16 лет назад

SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field.

CVSS2: 6.5
EPSS: Низкий
nvd логотип

CVE-2009-1501

больше 16 лет назад

Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2009-1344

больше 16 лет назад

Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2009-1343

больше 16 лет назад

Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.5 and 6.x before 6.x-1.5, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via content titles.

CVSS2: 4.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2009-2371

Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user signature.

CVSS2: 6.5
1%
Низкий
около 16 лет назад
nvd логотип
CVE-2009-2370

Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3
1%
Низкий
около 16 лет назад
nvd логотип
CVE-2009-2291

Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors.

CVSS2: 6.8
1%
Низкий
около 16 лет назад
nvd логотип
CVE-2009-2237

Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, probably related to registered procedures (aka actions).

CVSS2: 7.5
0%
Низкий
около 16 лет назад
nvd логотип
CVE-2009-2083

Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."

CVSS2: 3.5
0%
Низкий
около 16 лет назад
nvd логотип
CVE-2009-2079

Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via (1) vocabulary names, (2) synonyms, and (3) term names.

CVSS2: 3.5
0%
Низкий
около 16 лет назад
nvd логотип
CVE-2009-2078

Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) node title and (2) node body in a tree root page.

CVSS2: 4.3
0%
Низкий
около 16 лет назад
nvd логотип
CVE-2009-2077

Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to bypass access restrictions and (1) read unpublished content from anonymous users when a view is already configured to display the content, and (2) read private content in generated queries.

CVSS2: 4
0%
Низкий
около 16 лет назад
debian логотип
CVE-2009-2077

Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote authenti ...

CVSS2: 4
0%
Низкий
около 16 лет назад
nvd логотип
CVE-2009-2076

Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions.

CVSS2: 3.5
0%
Низкий
около 16 лет назад
debian логотип
CVE-2009-2076

Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, ...

CVSS2: 3.5
0%
Низкий
около 16 лет назад
nvd логотип
CVE-2009-2075

Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, does not properly restrict access when displaying node titles, which has unknown impact and attack vectors.

CVSS2: 7.5
0%
Низкий
около 16 лет назад
nvd логотип
CVE-2009-2074

Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names.

CVSS2: 3.5
0%
Низкий
около 16 лет назад
nvd логотип
CVE-2009-1823

Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.7 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML by modifying a document head, before the Content-Type META element, to contain crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, a related issue to CVE-2009-1575.

CVSS2: 2.6
1%
Низкий
около 16 лет назад
nvd логотип
CVE-2009-1738

Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in "aggregator items."

CVSS2: 3.5
0%
Низкий
около 16 лет назад
nvd логотип
CVE-2009-1507

The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node.

CVSS2: 7.5
0%
Низкий
больше 16 лет назад
nvd логотип
CVE-2009-1505

SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field.

CVSS2: 6.5
1%
Низкий
больше 16 лет назад
nvd логотип
CVE-2009-1501

Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image.

CVSS2: 4.3
0%
Низкий
больше 16 лет назад
nvd логотип
CVE-2009-1344

Cross-site scripting (XSS) vulnerability in the Localization client module 5.x before 5.x-1.2 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the translation functionality.

CVSS2: 4.3
0%
Низкий
больше 16 лет назад
nvd логотип
CVE-2009-1343

Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.5 and 6.x before 6.x-1.5, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via content titles.

CVSS2: 4.3
0%
Низкий
больше 16 лет назад

Уязвимостей на страницу