Shodan
Vulnerabilities
Vulnerable Software
Drupal:  >> Drupal  >> 11.0.0  Security Vulnerabilities
CVE-2009-3353
Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.003
Published
2009-09-24
CVE-2009-3354
Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.003
Published
2009-09-24
CVE-2009-3363
Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor."
CVSS Score
4.3
EPSS Score
0.003
Published
2009-09-24
CVE-2009-3350
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.003
Published
2009-09-24
CVE-2009-3351
Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors.
CVSS Score
10.0
EPSS Score
0.003
Published
2009-09-24
CVE-2009-3206
Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
3.5
EPSS Score
0.001
Published
2009-09-16
CVE-2009-3207
The ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, when the private file system is used, does not properly perform access control for derivative images, which allows remote attackers to view arbitrary images via a request that specifies an image's filename.
CVSS Score
6.8
EPSS Score
0.008
Published
2009-09-16
CVE-2009-3210
Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
3.5
EPSS Score
0.003
Published
2009-09-16
CVE-2009-3156
Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.
CVSS Score
2.1
EPSS Score
0.005
Published
2009-09-10
CVE-2009-3157
Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.
CVSS Score
3.5
EPSS Score
0.003
Published
2009-09-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved