Shodan
Vulnerabilities
Vulnerable Software
Drupal:  >> Drupal  >> 11.0.0  Security Vulnerabilities
CVE-2009-4559
Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via an input string for "submitted by" text.
CVSS Score
3.5
EPSS Score
0.002
Published
2010-01-04
CVE-2009-4513
Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a (1) workflow or (2) workflow state.
CVSS Score
3.5
EPSS Score
0.003
Published
2009-12-31
CVE-2009-4514
Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
3.5
EPSS Score
0.002
Published
2009-12-31
CVE-2009-4515
The Storm module 6.x before 6.x-1.25 for Drupal does not enforce privilege requirements for storminvoiceitem nodes, which allows remote attackers to read node titles via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.005
Published
2009-12-31
CVE-2009-4516
Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2009-12-31
CVE-2009-4517
Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that access unpublished content.
CVSS Score
6.8
EPSS Score
0.001
Published
2009-12-31
CVE-2009-4518
Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node.
CVSS Score
4.3
EPSS Score
0.003
Published
2009-12-31
CVE-2009-4520
The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path.
CVSS Score
5.0
EPSS Score
0.002
Published
2009-12-31
CVE-2009-4524
Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-12-31
CVE-2009-4525
Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via crafted data in a list of links.
CVSS Score
4.3
EPSS Score
0.004
Published
2009-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved