CVE-2016-3144
https://notcve.org/view.php?id=CVE-2016-3144
Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name. Vulnerabilidad de XSS en el módulo Block Class 7.x-2.x en versiones anteriores a 7.x-2.2 para Drupal permite a usuarios remotos autenticados con el permiso "Administer block classes" inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de clase. • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182535.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182886.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/182953.html https://www.drupal.org/node/2636498 https://www.drupal.org/node/2636502 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-1658
https://notcve.org/view.php?id=CVE-2012-1658
Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Read More Link v6.x-3.x antes de v6.x-3.1 para Drupal, permite a usuarios autenticados remotamente, con permiso de acceso a páginas de administración, inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1471080 http://drupal.org/node/1471822 http://secunia.com/advisories/48138 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79856 http://www.securityfocus.com/bid/52340 https://exchange.xforce.ibmcloud.com/vulnerabilities/73777 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-1657
https://notcve.org/view.php?id=CVE-2012-1657
Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en block_class.module en el módulo Block Class antes de v7.x-1.1 para Drupal, permite a usuarios autenticados remotamente, con algunos permisos, inyectar secuencias de comandos web o HTML a través del nombre de clase. • http://drupal.org/node/1471090 http://drupal.org/node/1471808 http://drupalcode.org/project/block_class.git/commit/9a5205d http://secunia.com/advisories/48298 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79851 http://www.securityfocus.com/bid/52341 https://exchange.xforce.ibmcloud.com/vulnerabilities/73776 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-1107
https://notcve.org/view.php?id=CVE-2010-1107
Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el modulo Recent Comments v5.x hasta v5.x-1.2 y v6.x hasta v6.x-1.0 para Drupal permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de forma arbitraria a traves de "custom block title interface." • http://drupal.org/node/688632 http://drupal.org/node/688636 http://drupal.org/node/690734 http://secunia.com/advisories/38281 http://www.securityfocus.com/bid/37898 https://exchange.xforce.ibmcloud.com/vulnerabilities/55770 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •