1 results (0.008 seconds)

CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidades de secuencias de comandos entre sitios múltiples (XSS) en el módulo CurviCorners v6.x-1.x y v7.x-1.x para Drupal que permite a usuarios autenticados de forma remota con el permiso "administer curvycorners" inyectar secuencias de comandos web o HTML a través de vectores sin especficiar. • http://osvdb.org/89571 http://packetstormsecurity.com/files/119766/Drupal-CurvyCorners-6.x-7.x-Cross-Site-Scripting.html http://packetstormsecurity.com/files/119814/CurvyCorners-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2013/Jan/211 http://seclists.org/fulldisclosure/2013/Jan/218 http://www.csnc.ch/misc/files/advisories/CVE-2013-1393.txt http://www.securityfocus.com/bid/57526 https://drupal.org/node/1896718 https://exchange.xforce.ibmcloud.com/vulnerabilities/81499 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •