1 results (0.010 seconds)

CVSS: 3.5EPSS: 0%CPEs: 12EXPL: 0

Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el módulo Submenu Tree antes de v6.x-1.5 para Drupal permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1132838 http://drupal.org/node/1461470 http://secunia.com/advisories/48202 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79696 http://www.securityfocus.com/bid/52226 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •