
CVSS: 4.3 | EPSS: 0% | CPEs: 17 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label.
• References:
  http://osvdb.org/94234
  http://seclists.org/fulldisclosure/2013/Jun/94
  https://drupal.org/node/2017639
  https://drupal.org/node/2017641
  https://drupal.org/node/2017933
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.0 | EPSS: 0% | CPEs: 3 | EXPL: 0

The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors.
• References:
  http://drupal.org/node/1506166
  http://drupal.org/node/1506420
  http://drupalcode.org/project/bundle_copy.git/commit/299bdca
  http://osvdb.org/80676
  http://secunia.com/advisories/48626
  http://www.openwall.com/lists/oss-security/2012/04/07/1
  http://www.securityfocus.com/bid/52811
  https://exchange.xforce.ibmcloud.com/vulnerabilities/74439
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 | EPSS: 0% | CPEs: 8 | EXPL: 0

The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path.
• References:
  http://drupal.org/node/617380
  http://secunia.com/advisories/37206
  http://www.securityfocus.com/bid/36863
  http://www.vupen.com/english/advisories/2009/3084
• CWE-264: Permissions, Privileges, and Access Controls