CVE-2012-2072
https://notcve.org/view.php?id=CVE-2012-2072
Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el módulo "Share Buttons" (AddToAny) v6.x-3.x antes de v6.x-3.4 para Drupal permite inyectar secuencias de comandos web o HTML a usuarios remotos autenticados con permiso para administrar AddToAny a través de vectores no especificados. • http://drupal.org/node/1083664 http://drupal.org/node/1506412 http://osvdb.org/80675 http://secunia.com/advisories/48615 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52777 https://exchange.xforce.ibmcloud.com/vulnerabilities/74469 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-4043
https://notcve.org/view.php?id=CVE-2009-4043
Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x before 5.x-2.4 and 6.x before 6.x-2.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via a node title. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzado (XSS) en el módulo de Drupal "AddToAny" v5.x antes de v5.x-2.4 y v6.x antes de v6.x-2.4 permite a atacantes remotos inyectar HTML o scripts web a través del título de un nodo. • http://drupal.org/node/601110 http://drupal.org/node/630198 http://drupal.org/node/630208 http://osvdb.org/59913 http://secunia.com/advisories/37353 http://www.securityfocus.com/bid/36999 http://www.vupen.com/english/advisories/2009/3211 https://exchange.xforce.ibmcloud.com/vulnerabilities/54247 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •