
CVE-2013-4230
https://notcve.org/view.php?id=CVE-2013-4230
21 Aug 2013 — The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors. • http://secunia.com/advisories/54391 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2012-6582
https://notcve.org/view.php?id=CVE-2012-6582
20 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via a stopforumspam.com API response, which is logged by the watchdog. • http://osvdb.org/85680 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-4174
https://notcve.org/view.php?id=CVE-2013-4174
19 Aug 2013 — Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module. • http://drupalcode.org/project/scald.git/commitdiff/32db1ee • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-5315
https://notcve.org/view.php?id=CVE-2013-5315
19 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the atom title, a different vector than CVE-2013-4174. • http://drupalcode.org/project/scald.git/blobdiff/9ce68f67a25200afa5256f567ef89bc4b9fd705e..974a5e29f502a58e6a955d69a85bb5f16c1c8b3e:/mee/mee.module • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-4140
https://notcve.org/view.php?id=CVE-2013-4140
29 Jul 2013 — Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors. • http://osvdb.org/95153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-2122
https://notcve.org/view.php?id=CVE-2013-2122
16 Jul 2013 — The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors. • http://osvdb.org/93725 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-1907
https://notcve.org/view.php?id=CVE-2013-1907
16 Jul 2013 — The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. • http://osvdb.org/91748 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-1908
https://notcve.org/view.php?id=CVE-2013-1908
16 Jul 2013 — The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. • http://osvdb.org/91747 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-0245 – Debian Security Advisory 2776-1
https://notcve.org/view.php?id=CVE-2013-0245
16 Jul 2013 — The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to nodes that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles and possibly node content via unspecified vectors. • http://osvdb.org/89305 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-0246
https://notcve.org/view.php?id=CVE-2013-0246
16 Jul 2013 — The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors. • http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html • CWE-264: Permissions, Privileges, and Access Controls