Lucene search
K

424 matches found

Drupal
Drupal
added 2008/01/30 12:0 a.m.16 views

SA-2008-012 - Project issue tracking - XSS vulnerability in comment summary tables

The Project issue tracking module provides a summary table to show changes in issue states between comments. Users who have certain editing rights may be able to inject arbitrary code on pages containing these tables. Wikipedia has more information about cross site scripting XSS. Versions affecte...

6.5AI score
Exploits0References8
Drupal
Drupal
added 2007/07/26 12:0 a.m.22 views

Drupal core - Multiple cross site scripting vulnerabilities

Some server variables are not escaped consistently. When a malicious user is able to entice a victim to visit a specially crafted link or webpage, arbitrary HTML and script code can be injected and executed in the context of the victim's session on the targeted website. Custom content type names...

6.6AI score
Exploits0References6
NVD
NVD
added 2007/07/17 1:30 a.m.23 views

CVE-2007-3818

Cross-site scripting XSS vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block."...

3.5CVSS5.7AI score0.00688EPSS
Exploits0References2
Cvelist
Cvelist
added 2007/07/17 1:0 a.m.25 views

CVE-2007-3818

Cross-site scripting XSS vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed above the default user login block."...

5.7AI score0.00688EPSS
Exploits0References2
Rows per page
Query Builder