Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-0697

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Feb, 2010 | 20:00
Updated At-07 Aug, 2024 | 00:59
Rejected At-
Credits

Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Feb, 2010 | 20:00
Updated At:07 Aug, 2024 | 00:59
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://drupal.org/node/711074
x_refsource_CONFIRM
http://drupal.org/node/711072
x_refsource_CONFIRM
http://www.securityfocus.com/bid/38292
vdb-entry
x_refsource_BID
http://osvdb.org/62405
vdb-entry
x_refsource_OSVDB
http://secunia.com/advisories/38633
third-party-advisory
x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/56351
vdb-entry
x_refsource_XF
http://drupal.org/node/717214
x_refsource_CONFIRM
Hyperlink: http://drupal.org/node/711074
Resource:
x_refsource_CONFIRM
Hyperlink: http://drupal.org/node/711072
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/38292
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://osvdb.org/62405
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://secunia.com/advisories/38633
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/56351
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://drupal.org/node/717214
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://drupal.org/node/711074
x_refsource_CONFIRM
x_transferred
http://drupal.org/node/711072
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/38292
vdb-entry
x_refsource_BID
x_transferred
http://osvdb.org/62405
vdb-entry
x_refsource_OSVDB
x_transferred
http://secunia.com/advisories/38633
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/56351
vdb-entry
x_refsource_XF
x_transferred
http://drupal.org/node/717214
x_refsource_CONFIRM
x_transferred
Hyperlink: http://drupal.org/node/711074
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://drupal.org/node/711072
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/38292
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://osvdb.org/62405
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://secunia.com/advisories/38633
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/56351
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://drupal.org/node/717214
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Feb, 2010 | 20:30
Updated At:11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.03.5LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 3.5
Base severity: LOW
Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N
CPE Matches
ilya_ivanchenko
ilya_ivanchenko
>>itweak_upload>>6.x-1.0
cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-1.0:*:*:*:*:*:*:*
ilya_ivanchenko
ilya_ivanchenko
>>itweak_upload>>6.x-1.1
cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-1.1:*:*:*:*:*:*:*
ilya_ivanchenko
ilya_ivanchenko
>>itweak_upload>>6.x-1.x-dev
cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-1.x-dev:*:*:*:*:*:*:*
ilya_ivanchenko
ilya_ivanchenko
>>itweak_upload>>6.x-2.0
cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-2.0:rc1:*:*:*:*:*:*
ilya_ivanchenko
ilya_ivanchenko
>>itweak_upload>>6.x-2.1
cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-2.1:*:*:*:*:*:*:*
ilya_ivanchenko
ilya_ivanchenko
>>itweak_upload>>6.x-2.1
cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-2.1:rc2:*:*:*:*:*:*
ilya_ivanchenko
ilya_ivanchenko
>>itweak_upload>>6.x-2.2
cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-2.2:*:*:*:*:*:*:*
ilya_ivanchenko
ilya_ivanchenko
>>itweak_upload>>6.x-2.x-dev
cpe:2.3:a:ilya_ivanchenko:itweak_upload:6.x-2.x-dev:*:*:*:*:*:*:*
The Drupal Association
drupal
>>drupal>>*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://drupal.org/node/711072cve@mitre.org
Patch
http://drupal.org/node/711074cve@mitre.org
Patch
http://drupal.org/node/717214cve@mitre.org
Patch
Vendor Advisory
http://osvdb.org/62405cve@mitre.org
N/A
http://secunia.com/advisories/38633cve@mitre.org
Vendor Advisory
http://www.securityfocus.com/bid/38292cve@mitre.org
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/56351cve@mitre.org
N/A
http://drupal.org/node/711072af854a3a-2127-422b-91ae-364da2661108
Patch
http://drupal.org/node/711074af854a3a-2127-422b-91ae-364da2661108
Patch
http://drupal.org/node/717214af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://osvdb.org/62405af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/38633af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/38292af854a3a-2127-422b-91ae-364da2661108
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/56351af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://drupal.org/node/711072
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://drupal.org/node/711074
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://drupal.org/node/717214
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://osvdb.org/62405
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/38633
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/38292
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/56351
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://drupal.org/node/711072
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://drupal.org/node/711074
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://drupal.org/node/717214
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://osvdb.org/62405
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/38633
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/38292
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/56351
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6574Records found
CVE-2011-4560
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.23% / 45.88%
||
7 Day CHG~0.00%
Published-28 Nov, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-drupalpetition_node_modulen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2472
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.8||MEDIUM
EPSS-0.44% / 62.29%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 18:05
Updated-07 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.

Action-Not Available
Vendor-The Drupal Association
Product-drupaldrupal6
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-1108
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.23% / 45.88%
||
7 Day CHG~0.00%
Published-25 Mar, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-hashmarkconsultingn/aThe Drupal Association
Product-drupalcontrolpaneln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-1107
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.34% / 55.65%
||
7 Day CHG~0.00%
Published-25 Mar, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."

Action-Not Available
Vendor-fourkitchensn/aThe Drupal Association
Product-recent_commentsdrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4532
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.34% / 55.65%
||
7 Day CHG~0.00%
Published-31 Dec, 2009 | 19:00
Updated-07 Aug, 2024 | 07:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label.

Action-Not Available
Vendor-nathan_haugn/aThe Drupal Association
Product-webformdrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-0370
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.33% / 55.26%
||
7 Day CHG~0.00%
Published-21 Jan, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title).

Action-Not Available
Vendor-thomas_turnbullroger_lopezn/aThe Drupal Association
Product-drupalnodeblockn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4513
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.34% / 55.65%
||
7 Day CHG~0.00%
Published-31 Dec, 2009 | 19:00
Updated-07 Aug, 2024 | 07:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a (1) workflow or (2) workflow state.

Action-Not Available
Vendor-john_vandykn/aThe Drupal Association
Product-workflowdrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4559
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.21% / 43.37%
||
7 Day CHG~0.00%
Published-04 Jan, 2010 | 21:00
Updated-07 Aug, 2024 | 07:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via an input string for "submitted by" text.

Action-Not Available
Vendor-nanwichn/aThe Drupal Association
Product-submitted_bydrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4370
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.18% / 39.29%
||
7 Day CHG~0.00%
Published-21 Dec, 2009 | 16:00
Updated-07 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, which is not properly handled in the menu administration overview.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-drupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4369
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.33% / 54.95%
||
7 Day CHG~0.00%
Published-21 Dec, 2009 | 16:00
Updated-07 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact form" permissions to inject arbitrary web script or HTML via the contact category name.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-drupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4371
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.17% / 38.12%
||
7 Day CHG~0.00%
Published-21 Dec, 2009 | 16:00
Updated-07 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web script or HTML via the (1) Language name in English or (2) Native language name fields in the Custom language form.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-drupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4429
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-1.11% / 77.22%
||
7 Day CHG~0.00%
Published-28 Dec, 2009 | 18:27
Updated-07 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the Name field).

Action-Not Available
Vendor-alexander_hassn/aThe Drupal Association
Product-sections_moduledrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3653
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.20% / 42.35%
||
7 Day CHG~0.00%
Published-09 Oct, 2009 | 14:18
Updated-07 Aug, 2024 | 06:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output.

Action-Not Available
Vendor-darren_ohn/aThe Drupal Association
Product-xml_sitemapdrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3648
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.14% / 34.99%
||
7 Day CHG~0.00%
Published-09 Oct, 2009 | 14:18
Updated-07 Aug, 2024 | 06:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names.

Action-Not Available
Vendor-apsivamn/aThe Drupal Association
Product-service_linksdrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3652
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.27% / 49.98%
||
7 Day CHG~0.00%
Published-09 Oct, 2009 | 14:18
Updated-07 Aug, 2024 | 06:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095.

Action-Not Available
Vendor-moshe_weitzmann/aThe Drupal Association
Product-organic_groupsdrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-4813
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.18% / 39.29%
||
7 Day CHG~0.00%
Published-08 Jul, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.

Action-Not Available
Vendor-category_tokens_projectn/aThe Drupal Association
Product-drupalcategory_tokensn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3206
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.16% / 37.20%
||
7 Day CHG~0.00%
Published-16 Sep, 2009 | 17:00
Updated-07 Aug, 2024 | 06:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-drewishn/aThe Drupal Association
Product-imagecachedrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2048
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.23% / 45.88%
||
7 Day CHG~0.00%
Published-25 May, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-menhirn/aThe Drupal Association
Product-drupalheartbeatn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3210
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.34% / 55.65%
||
7 Day CHG~0.00%
Published-16 Sep, 2009 | 17:00
Updated-07 Aug, 2024 | 06:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-joao_venturan/aThe Drupal Association
Product-drupalprintn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2610
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.34% / 55.65%
||
7 Day CHG~0.00%
Published-27 Jul, 2009 | 18:00
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field.

Action-Not Available
Vendor-scott_courtneyn/aThe Drupal Association
Product-links_packagedrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3157
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.34% / 55.65%
||
7 Day CHG~0.00%
Published-10 Sep, 2009 | 18:00
Updated-17 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.

Action-Not Available
Vendor-karen_stevensonn/aThe Drupal Association
Product-drupalcalendarn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2074
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.25% / 48.44%
||
7 Day CHG~0.00%
Published-16 Jun, 2009 | 19:00
Updated-16 Sep, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-nodequeuedrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2083
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.23% / 45.88%
||
7 Day CHG~0.00%
Published-16 Jun, 2009 | 20:26
Updated-16 Sep, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via "Parent and related terms."

Action-Not Available
Vendor-mattias_hutterern/aThe Drupal Association
Product-taxonomy_managerdrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-1942
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.34% / 55.65%
||
7 Day CHG~0.00%
Published-05 Jun, 2009 | 18:13
Updated-16 Sep, 2024 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-quizn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4514
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.23% / 45.88%
||
7 Day CHG~0.00%
Published-31 Dec, 2009 | 19:00
Updated-16 Sep, 2024 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-astha_bhatnagarn/aThe Drupal Association
Product-shindigintegratordrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-1738
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.26% / 48.72%
||
7 Day CHG~0.00%
Published-20 May, 2009 | 19:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in "aggregator items."

Action-Not Available
Vendor-ivanjarosn/aThe Drupal Association
Product-feed_blockdrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2079
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.34% / 55.65%
||
7 Day CHG~0.00%
Published-16 Jun, 2009 | 19:00
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the administrative page interface in Taxonomy manager 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy terms, to inject arbitrary web script or HTML via (1) vocabulary names, (2) synonyms, and (3) term names.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-taxonomy_managerdrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-1844
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.14% / 34.05%
||
7 Day CHG~0.00%
Published-01 Jun, 2009 | 14:00
Updated-07 Aug, 2024 | 05:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not properly handled in the "HTML exports of books" feature; and (2) allow remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via the help text of an arbitrary vocabulary. NOTE: vector 1 exists because of an incomplete fix for CVE-2009-1575.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-drupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-0818
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.32% / 54.77%
||
7 Day CHG~0.00%
Published-05 Mar, 2009 | 02:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permission, or the ability to create pages when tagging is enabled, to inject arbitrary web script or HTML via the Vocabulary name (name parameter) to index.php. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-drupaltaxonomy_theme_modulen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-0603
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.23% / 45.88%
||
7 Day CHG~0.00%
Published-16 Feb, 2009 | 20:00
Updated-07 Aug, 2024 | 04:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-drupallink_modulen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-0817
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.35% / 56.43%
||
7 Day CHG~0.00%
Published-05 Mar, 2009 | 02:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-protected_node_moduledrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-6972
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.18% / 39.29%
||
7 Day CHG~0.00%
Published-13 Aug, 2009 | 16:00
Updated-07 Aug, 2024 | 11:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "help text," or (3) "allowed values" settings.

Action-Not Available
Vendor-karen_stevensonyves_chedemoisn/aThe Drupal Association
Product-drupalcckn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-6170
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.28% / 50.85%
||
7 Day CHG~0.00%
Published-19 Feb, 2009 | 15:02
Updated-07 Aug, 2024 | 11:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbitrary web script or HTML via the book page title.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-drupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2076
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.18% / 39.29%
||
7 Day CHG~0.00%
Published-16 Jun, 2009 | 19:00
Updated-16 Sep, 2024 | 22:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name parameter in the define custom views feature. NOTE: vector 2 is only exploitable by users with administer views permissions.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-viewsdrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-5999
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.16% / 37.20%
||
7 Day CHG~0.00%
Published-28 Jan, 2009 | 15:00
Updated-07 Aug, 2024 | 11:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the ajax_checklist filter.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-ajax_checklistdrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-5996
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.15% / 36.41%
||
7 Day CHG~0.00%
Published-28 Jan, 2009 | 15:00
Updated-07 Aug, 2024 | 11:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a Newsletter category field.

Action-Not Available
Vendor-link3n/aThe Drupal Association
Product-simplenewsdrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-4530
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.15% / 36.41%
||
7 Day CHG~0.00%
Published-09 Oct, 2008 | 18:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-brilliant_galleryn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8744
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.21% / 43.22%
||
7 Day CHG~0.00%
Published-13 Oct, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-nivo_slidern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8076
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.20% / 42.35%
||
7 Day CHG~0.00%
Published-09 Oct, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Professional theme 7.x before 7.x-2.04 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to custom copyright information.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-professional_themen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8077
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.34% / 55.65%
||
7 Day CHG~0.00%
Published-09 Oct, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the NewsFlash theme 6.x-1.x before 6.x-1.7 and 7.x-1.x before 7.x-2.5 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to font family CSS property.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-newsflashn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8746
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.20% / 42.35%
||
7 Day CHG~0.00%
Published-13 Oct, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-skeleton_themen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8078
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.25% / 48.44%
||
7 Day CHG~0.00%
Published-09 Oct, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-printn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8743
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.18% / 39.29%
||
7 Day CHG~0.00%
Published-13 Oct, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) Role or (2) Organic Group name.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-maestron/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8745
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.34% / 55.65%
||
7 Day CHG~0.00%
Published-13 Oct, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary label.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-custom_search_modulen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8748
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.20% / 42.35%
||
7 Day CHG~0.00%
Published-13 Oct, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-doubleclick_for_publishersn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-7870
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.20% / 42.35%
||
7 Day CHG~0.00%
Published-06 Oct, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the "administer custom search" permission to inject arbitrary web script or HTML via the "Label text" field to admin/config/search/custom_search/results.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-custom_search_modulen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-7980
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.23% / 45.88%
||
7 Day CHG~0.00%
Published-08 Oct, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the skip_link_text setting and unspecified other theme settings.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-zenn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-7979
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.23% / 45.88%
||
7 Day CHG~0.00%
Published-08 Oct, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-simplecorpn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-7978
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.23% / 45.88%
||
7 Day CHG~0.00%
Published-08 Oct, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-bluemastersn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-6229
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.25% / 48.44%
||
7 Day CHG~0.00%
Published-20 Feb, 2009 | 23:00
Updated-07 Aug, 2024 | 11:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via (1) field labels and (2) content-type names.

Action-Not Available
Vendor-n/aThe Drupal Association
Product-content_construction_kitn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 131
  • 132
  • Next
Details not found