Shodan
Vulnerabilities
Vulnerable Software
Drupal:  >> Drupal  >> 10.3.0  Security Vulnerabilities
CVE-2009-4119
Cross-site scripting (XSS) vulnerability in Feed Element Mapper module 5.x before 5.x-1.3, 6.x before 6.x-1.3, and 6.x-2.0-alpha before 6.x-2.0-alpha4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-12-01
CVE-2009-4061
Multiple cross-site scripting (XSS) vulnerabilities in the Agreement module 6.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-11-24
CVE-2009-4062
Multiple cross-site scripting (XSS) vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-11-24
CVE-2009-4063
Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-11-24
CVE-2009-4064
Cross-site scripting (XSS) vulnerability in the Gallery Assist module 6.x before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via node titles.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-11-24
CVE-2009-4065
Cross-site scripting (XSS) vulnerability in the settings page in the Strongarm module 6.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the value field when viewing overridden variables.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-11-24
CVE-2009-4066
Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists.
CVSS Score
6.8
EPSS Score
0.002
Published
2009-11-24
CVE-2009-4043
Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x before 5.x-2.4 and 6.x before 6.x-2.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via a node title.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-11-20
CVE-2009-4044
The Web Services module 6.x for Drupal does not perform the expected access control, which allows remote attackers to make unspecified use of an API via unknown vectors.
CVSS Score
7.5
EPSS Score
0.008
Published
2009-11-20
CVE-2009-4042
Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x before 6.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-11-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved