Page 100 of 723 results (0.009 seconds)

CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0

Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el modulo Recent Comments v5.x hasta v5.x-1.2 y v6.x hasta v6.x-1.0 para Drupal permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de forma arbitraria a traves de "custom block title interface." • http://drupal.org/node/688632 http://drupal.org/node/688636 http://drupal.org/node/690734 http://secunia.com/advisories/38281 http://www.securityfocus.com/bid/37898 https://exchange.xforce.ibmcloud.com/vulnerabilities/55770 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Currency Exchange anterior a v6.x-1.2 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, relacionados con la vigilancia de registro (watchdog logging). • http://drupal.org/node/676214 http://drupal.org/node/676216 http://osvdb.org/61587 http://secunia.com/advisories/38121 http://www.securityfocus.com/bid/37649 http://www.vupen.com/english/advisories/2010/0063 https://exchange.xforce.ibmcloud.com/vulnerabilities/55453 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0

The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors. La función week_post_page en Weekly Archive para el módulo Node Type v6.x anteriores v6.x-2.7 para Drupal no implementa de forma adecuada las restricciones de acceso al nodo cuando construyen preguntas SQL, lo que permite a atacantes remotos para leer listados de nodo restringidos a través de vectores no especificados. • http://drupal.org/node/723776 http://drupal.org/node/724286 http://osvdb.org/62565 http://secunia.com/advisories/38717 http://www.securityfocus.com/bid/38397 https://exchange.xforce.ibmcloud.com/vulnerabilities/56504 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.5EPSS: 0%CPEs: 9EXPL: 0

Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el modulo iTweak Upload v6.x-1.x anteriores a v6.x-1.2 y v6.x-2.x anteriores a v6.x-2.3 para Drupal permite a usuarios remotos autenticados, con permisos para crear contenidos y subir ficheros, inyectar secuencias arbitrarias de comandos web o HTML a través del nombre de un fichero subido. • http://drupal.org/node/711072 http://drupal.org/node/711074 http://drupal.org/node/717214 http://osvdb.org/62405 http://secunia.com/advisories/38633 http://www.securityfocus.com/bid/38292 https://exchange.xforce.ibmcloud.com/vulnerabilities/56351 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 7EXPL: 1

Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title). Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Node Blocks 5.x-1.1, y versiones anteriores, y 6.x-1.3 y versiones anteriores, un módulo para Drupal, permite a atacantes remotos con permisos para crear o editar contenido y administrar bloques, inyectar secuencias de comandos web o HTML de su elección a través del parámetro "edit-title" (alias título de bloque). • http://drupal.org/node/683584 http://drupal.org/node/683586 http://drupal.org/node/683598 http://packetstormsecurity.org/1001-exploits/drupalnb-xss.txt http://secunia.com/advisories/38186 http://www.osvdb.org/61682 http://www.securityfocus.com/archive/1/508933/100/0/threaded http://www.securityfocus.com/bid/37782 https://exchange.xforce.ibmcloud.com/vulnerabilities/55606 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •