CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2012-3802
https://notcve.org/view.php?id=CVE-2012-3802
Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors. Vulnerabilidad no especificada en el módulo Post Affiliate Pro (PAP) para Drupal, permite a usuarios autenticados remotamente leer las comisiones de otros usuarios a través de vectores de ataque desconocidos. • http://drupal.org/node/1585648 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.securityfocus.com/bid/53589 https://exchange.xforce.ibmcloud.com/vulnerabilities/75716 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-2706
https://notcve.org/view.php?id=CVE-2012-2706
Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration. Una vulnerabilidad de tipo cross-site scripting (XSS) en el módulo Post Affiliate Pro (PAP) para Drupal, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de vectores relacionados con el registro de usuarios. • http://drupal.org/node/1585648 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.securityfocus.com/bid/53589 https://exchange.xforce.ibmcloud.com/vulnerabilities/75716 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •