Shodan
Vulnerabilities
Vulnerable Software
Drupal:  >> Drupal  >> 10.1.5  Security Vulnerabilities
CVE-2009-3435
Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name.
CVSS Score
4.3
EPSS Score
0.003
Published
2009-09-28
CVE-2009-3437
Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via "Markdown input."
CVSS Score
4.3
EPSS Score
0.002
Published
2009-09-28
CVE-2009-3442
The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does not properly follow permissions during assignment of node meta tags, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.004
Published
2009-09-28
CVE-2009-3353
Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.003
Published
2009-09-24
CVE-2009-3354
Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.003
Published
2009-09-24
CVE-2009-3363
Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor."
CVSS Score
4.3
EPSS Score
0.003
Published
2009-09-24
CVE-2009-3350
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.003
Published
2009-09-24
CVE-2009-3351
Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.003
Published
2009-09-24
CVE-2009-3206
Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
3.5
EPSS Score
0.001
Published
2009-09-16
CVE-2009-3207
The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename.
CVSS Score
6.8
EPSS Score
0.008
Published
2009-09-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved