Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.
CVSS Score
6.8
EPSS Score
0.001
Published
2009-10-26
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title.
CVSS Score
4.3
EPSS Score
0.006
Published
2009-10-26
Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content type names.
CVSS Score
3.5
EPSS Score
0.001
Published
2009-10-09
Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier and 6.x-1.0-rc1 and earlier, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.002
Published
2009-10-09
Cross-site scripting (XSS) vulnerability in the "Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-10-09
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095.
CVSS Score
3.5
EPSS Score
0.002
Published
2009-10-09
Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output.
CVSS Score
3.5
EPSS Score
0.002
Published
2009-10-09
Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors.
CVSS Score
6.4
EPSS Score
0.01
Published
2009-10-09
Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.
CVSS Score
6.8
EPSS Score
0.001
Published
2009-10-09
Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors.
CVSS Score
5.8
EPSS Score
0.002
Published
2009-10-09