CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5938
https://notcve.org/view.php?id=CVE-2013-5938
Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form. Vulnerabilidad XSS en el módulo Click2Sell Suite v6.x-1.x para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de un formulario de confirmación. • http://osvdb.org/97204 http://seclists.org/fulldisclosure/2013/Sep/64 http://www.openwall.com/lists/oss-security/2013/10/21/5 https://drupal.org/node/2087055 https://exchange.xforce.ibmcloud.com/vulnerabilities/87050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 29EXPL: 0CVE-2013-2123
https://notcve.org/view.php?id=CVE-2013-2123
The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors. El módulo de acceso de referencia al usuario Node 6.x-3.x anteior a 6.x-3.5 y 7.x-3.x anteior a 7.x-3.10 para Drupal no restringe adecuadamente el acceso al contenido que contiene un campo de referencia al usuario cuando el autor actualiza o elimina permisos y la cuenta de dicho autor es eliminada, lo que permite a atacantes remotos modificar el contenido a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2013/05/29/9 https://drupal.org/node/2007072 https://drupal.org/node/2007078 https://drupal.org/node/2007122 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2013-2197
https://notcve.org/view.php?id=CVE-2013-2197
The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a large number of failed login attempts. El módulo Login Security v6.x-1.x anterior a v6.x-1.3 y v7.x-1.x anterior a v7.x-1.3 para Drupal, cuando se utiliza la opción de retraso de inicio de sesión, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de un gran número de intentos de conexión fallidos. • http://www.openwall.com/lists/oss-security/2013/06/20/3 https://drupal.org/node/2023503 https://drupal.org/node/2023507 https://drupal.org/node/2023585 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2013-2247
https://notcve.org/view.php?id=CVE-2013-2247
The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form. El módulo Fast Permissions Administration v6.x-2.x anterior a v6.x-2.5 y v7.x-2.x anterior a v7.x-2.3 para Drupal no restringe adecuadamente el acceso a la función de llamada de modelo de contenidos lo que permite a atacantes remotos obtener acceso no especificado en el formulario de edición permisos. • http://www.openwall.com/lists/oss-security/2013/07/06/3 https://drupal.org/node/2028417 https://drupal.org/node/2028421 https://drupal.org/node/2028813 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 27EXPL: 1CVE-2013-4274
https://notcve.org/view.php?id=CVE-2013-4274
Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer policies" permission to inject arbitrary web script or HTML via the "Password Expiration Warning" field to the admin/config/people/password_policy/add page. Vulnerabilidad Cross-site scripting (XSS) en la función password_policy_admin_view en password_policy.admin.inc en el módulo Password Policy v6.x-1.x anterior a v6.x-1.6 y v7.x-1.x anterior a v7.x-1.5 para Drupal, lo que permite a usuarios remotos autenticados con el permiso "Administer policies" inyectar secuencias de comandos web o HTML arbitrarias a través del campo "Password Expiration Warning" en la página admin/config/people/password_policy/add. • http://www.madirish.net/557 http://www.openwall.com/lists/oss-security/2013/08/22/2 http://www.securityfocus.com/bid/61780 https://drupal.org/node/2065241 https://drupal.org/node/2065387 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •