|
258601
|
- |
|
nancy_wichmann
|
realname
|
Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.
|
CWE-79
Cross-site Scripting
|
CVE-2009-4524
|
2017-08-17 10:31 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258602
|
- |
|
joao_ventura
|
print
|
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, allows remote attackers to inject a…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4525
|
2017-08-17 10:31 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258603
|
- |
|
niif
|
shib_auth
|
The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, whi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4527
|
2017-08-17 10:31 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258604
|
- |
|
moshe_weitzman
|
og_vocab
|
The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-4528
|
2017-08-17 10:31 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258605
|
- |
|
nathan_haug
|
webform
|
Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to …
|
CWE-79
Cross-site Scripting
|
CVE-2009-4532
|
2017-08-17 10:31 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258606
|
- |
|
nathan_haug
|
webform
|
The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, does not prevent caching of a page that contains token placeholders for a default value, which allows remote attacke…
|
CWE-200
Information Exposure
|
CVE-2009-4533
|
2017-08-17 10:31 |
2010-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258607
|
- |
|
viart
|
viart_cms
|
Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter to forums.php, or the forum_id par…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4547
|
2017-08-17 10:31 |
2010-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258608
|
- |
|
viart
|
viart_helpdesk
|
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4548
|
2017-08-17 10:31 |
2010-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258609
|
- |
|
k-factor
|
agoracart
|
Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCart 5.2.005 and 5.2.006 and AgoraCart GOLD 5.5.005 allow remote attackers to hijack the authentication of administrators for reques…
|
CWE-352
Origin Validation Error
|
CVE-2009-4555
|
2017-08-17 10:31 |
2010-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258610
|
- |
|
unleashedmind
|
img_assist
|
Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-0…
|
CWE-79
Cross-site Scripting
|
CVE-2009-4557
|
2017-08-17 10:31 |
2010-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
