Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed.
CVSS Score
5.0
EPSS Score
0.004
Published
2009-10-06
Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title.
CVSS Score
4.3
EPSS Score
0.002
Published
2009-09-30
Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a different vulnerability than CVE-2009-3479.
CVSS Score
2.1
EPSS Score
0.002
Published
2009-09-30
Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name.
CVSS Score
4.3
EPSS Score
0.003
Published
2009-09-28
Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via "Markdown input."
CVSS Score
4.3
EPSS Score
0.002
Published
2009-09-28
The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does not properly follow permissions during assignment of node meta tags, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.004
Published
2009-09-28
Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.003
Published
2009-09-24
Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.003
Published
2009-09-24
Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor."
CVSS Score
4.3
EPSS Score
0.003
Published
2009-09-24
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.003
Published
2009-09-24