17 matches found
EUVD-2009-1839
Malware in sbrugna...
EUVD-2009-2070
Malware in sbrugna...
EUVD-2010-4778
Malware in sbrugna...
Cross site scripting
Cross-site scripting XSS vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text."...
CVE-2012-1652
Cross-site scripting XSS vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text."...
CVE-2010-4813
Cross-site scripting XSS vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help...
CVE-2010-2724
Cross-site scripting XSS vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchicalselect form...
Cross site scripting
Cross-site scripting XSS vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchicalselect form...
CVE-2010-1976
Cross-site scripting XSS vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb display...
Cross site scripting
Cross-site scripting XSS vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb display...
Cross site scripting
Cross-site scripting XSS vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names...
CVE-2009-2074
Cross-site scripting XSS vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names...
PT-2009-4527 · Drupal · Nodequeue
Name of the Vulnerable Software and Affected Versions: Nodequeue versions 5.x before 5.x-2.7 Nodequeue versions 6.x before 6.x-2.2 Description: A cross-site scripting XSS issue allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via...
CVE-2009-1844
Multiple cross-site scripting XSS vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow 1 remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not properly handled in the...
CVE-2009-1844
Multiple cross-site scripting XSS vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow 1 remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not properly handled in the...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow 1 remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not properly handled in the...
CVE-2008-5996
Cross-site scripting XSS vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field...