3 matches found
CVE-2009-3157
Cross-site scripting XSS vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type...
CVE-2009-3157
Cross-site scripting XSS vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type...
CVE-2009-3157
The CVE-2009-3157 entry concerns Drupal’s Calendar module (6.x) prior to 6.x-2.2, where remote authenticated users with the ability to create new content types can inject arbitrary script/HTML via the content type title (HTML/XSS). The vulnerability affects the Drupal Calendar module itself, not ...