Shodan
Vulnerabilities
Vulnerable Software
Drupal:  >> Drupal  >> 10.0.7  Security Vulnerabilities
CVE-2009-4066
Multiple cross-site request forgery (CSRF) vulnerabilities in the "My Account" feature in PHPList Integration module 5 before 5.x-1.2 and 6 before 6.x-1.1 for Drupal allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) subscribing or (2) unsubscribing to mailing lists.
CVSS Score
6.8
EPSS Score
0.002
Published
2009-11-24
CVE-2009-4043
Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x before 5.x-2.4 and 6.x before 6.x-2.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via a node title.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-11-20
CVE-2009-4044
The Web Services module 6.x for Drupal does not perform the expected access control, which allows remote attackers to make unspecified use of an API via unknown vectors.
CVSS Score
7.5
EPSS Score
0.008
Published
2009-11-20
CVE-2009-4042
Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x before 6.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-11-20
CVE-2009-3914
Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-11-09
CVE-2009-3915
Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-11-09
CVE-2009-3916
Cross-site scripting (XSS) vulnerability in the Node Hierarchy module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a child node title.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-11-09
CVE-2009-3917
Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element.
CVSS Score
4.3
EPSS Score
0.003
Published
2009-11-09
CVE-2009-3918
Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-11-09
CVE-2009-3919
Cross-site scripting (XSS) vulnerability in the NGP COO/CWP Integration (crmngp) module 6.x before 6.x-1.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied information."
CVSS Score
4.3
EPSS Score
0.004
Published
2009-11-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved