3 results (0.001 seconds)

CVSS: 4.3EPSS: 0%CPEs: 84EXPL: 1

Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561. Vulnerabilidad de XSS en la funcionalidad de autocompletar en el módulo Finder 6.x-1.x anterior a 6.x-1.26, 7.x-1.x y 7.x-2.x anterior a 7.x-2.0-alpha8 para Drupal permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del título de un nodo, una vulnerabilidad diferente a CVE-2012-1561. • http://drupal.org/node/1432318 http://drupal.org/node/1432320 http://drupalcode.org/project/finder.git/commit/13e2d0c http://drupalcode.org/project/finder.git/commit/58443aa http://drupalcode.org/project/finder.git/commit/758fcf9 http://drupalcode.org/project/finder.git/commit/bc0cc82 http://secunia.com/advisories/47941 http://secunia.com/advisories/47943 http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities http://www.openwall.com/lists • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 84EXPL: 0

Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "checkbox and radio button functionalities." Vulnerabilidad de XSS en el módulo Finder 6.x-1.x anterior a 6.x-1.26, 7.x-1.x y 7.x-2.x anterior a 7.x-2.0-alpha8 para Drupal permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados relacionados con "funcionalidades de botón de casilla de verificación y radio." • http://drupal.org/node/1432318 http://drupal.org/node/1432320 http://drupalcode.org/project/finder.git/commit/13e2d0c http://drupalcode.org/project/finder.git/commit/58443aa http://secunia.com/advisories/47941 http://secunia.com/advisories/47943 http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities http://www.openwall.com/lists/oss-security/2012/03/16/9 http://www.openwall.com/lists/oss-security/2012/03/19/9 http://www.ope • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.0EPSS: 1%CPEs: 84EXPL: 1

The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import. La función finder_import en el módulo Finder v6.x-1.x anterior a v6.x-1.26, v7.x-1.x, y v7.x-2.x anterior a v7.x-2.0-alpha8 para Drupal permite a usuarios remotos autenticados con permisos de administración del finder ejecutar código PHP arbitrario a través de admin/build/finder/import. • http://drupal.org/node/1432318 http://drupal.org/node/1432320 http://drupalcode.org/project/finder.git/commit/bc0cc82 http://secunia.com/advisories/47915 http://secunia.com/advisories/47943 http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities http://www.openwall.com/lists/oss-security/2012/03/16/9 http://www.openwall.com/lists/oss-security/2012/03/19/9 http://www.openwall.com/lists/oss-security/2012/04/07/1 http:/&#x • CWE-264: Permissions, Privileges, and Access Controls •