
CVE-2013-5964
https://notcve.org/view.php?id=CVE-2013-5964
30 Sep 2013 — Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title. • http://archives.neohapsis.com/archives/bugtraq/2013-08/0184.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-5965
https://notcve.org/view.php?id=CVE-2013-5965
30 Sep 2013 — The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing. • http://archives.neohapsis.com/archives/bugtraq/2013-08/0184.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-2123
https://notcve.org/view.php?id=CVE-2013-2123
28 Aug 2013 — The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors. • http://www.openwall.com/lists/oss-security/2013/05/29/9 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-2197
https://notcve.org/view.php?id=CVE-2013-2197
28 Aug 2013 — The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a large number of failed login attempts. • http://www.openwall.com/lists/oss-security/2013/06/20/3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2013-2247
https://notcve.org/view.php?id=CVE-2013-2247
28 Aug 2013 — The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form. • http://www.openwall.com/lists/oss-security/2013/07/06/3 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-4138
https://notcve.org/view.php?id=CVE-2013-4138
28 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors. • http://www.openwall.com/lists/oss-security/2013/07/17/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-4139
https://notcve.org/view.php?id=CVE-2013-4139
28 Aug 2013 — The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a denial of service (file operations performance degradation and failure) via a large number of requests. • http://www.openwall.com/lists/oss-security/2013/07/17/1

CVE-2013-4272
https://notcve.org/view.php?id=CVE-2013-4272
28 Aug 2013 — The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file. • http://www.openwall.com/lists/oss-security/2013/08/22/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2013-4274
https://notcve.org/view.php?id=CVE-2013-4274
28 Aug 2013 — Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer policies" permission to inject arbitrary web script or HTML via the "Password Expiration Warning" field to the admin/config/people/password_policy/add page. • http://www.madirish.net/557 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-4229
https://notcve.org/view.php?id=CVE-2013-4229
21 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings. • http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')