CVE-2013-1906
https://notcve.org/view.php?id=CVE-2013-1906
Cross-site scripting (XSS) vulnerability in the Rules module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "administer rules" permission to inject arbitrary web script or HTML via a rule tag. Vulnerabilidad XSS en el módulo Rules 7.x-2.x anterior a 7.x-2.3 para Drupal, permite a usuarios autenticados remotamente con los permisos "administrator rules" inyectar secuencias de comandos web o HTML de su elección a través de una etiqueta "rule". • http://secunia.com/advisories/52768 https://drupal.org/node/1954508 https://drupal.org/node/1954592 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-3914
https://notcve.org/view.php?id=CVE-2009-3914
Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en el módulo de Drupal "Temporary Invitation" v5.X antes de v5.x-2.3 permite a atacantes remotos inyectar HTML o scripts web a través del campo Name en una invitación. • http://drupal.org/node/623018 http://drupal.org/node/623526 http://osvdb.org/59679 http://secunia.com/advisories/37286 http://www.securityfocus.com/bid/37072 https://exchange.xforce.ibmcloud.com/vulnerabilities/54148 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •