CVE-2011-2714
https://notcve.org/view.php?id=CVE-2011-2714
A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display. • https://seclists.org/fulldisclosure/2011/Feb/219 https://www.drupal.org/node/1056470 https://www.openwall.com/lists/oss-security/2011/07/26/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19826
https://notcve.org/view.php?id=CVE-2019-19826
The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal makes insecure unserialize calls in handlers/views_handler_filter_dynamic_fields.inc, as demonstrated by PHP object injection, involving a field_names object and an Archive_Tar object, for file deletion. Code execution might also be possible. • https://www.drupal.org/project/views_dynamic_fields/issues/3056600 • CWE-502: Deserialization of Untrusted Data
CVE-2011-3373
https://notcve.org/view.php?id=CVE-2011-3373
Drupal Views Bulk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has user tagging enabled and the "Modify node taxonomy terms" action is used. A remote attacker could provide a specially-crafted URL that could lead to a cross-site scripting (XSS) attack. • https://access.redhat.com/security/cve/cve-2011-3373 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3373 https://www.openwall.com/lists/oss-security/2011/09/22/4 https://www.securityfocus.com/bid/49727 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-2079
https://notcve.org/view.php?id=CVE-2012-2079
A cross-site request forgery (CSRF) vulnerability exists in the Activity module 6.x-1.x for Drupal. • http://www.openwall.com/lists/oss-security/2012/04/07/1 https://www.drupal.org/node/1506562 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2012-2078
https://notcve.org/view.php?id=CVE-2012-2078
A cross-site scripting (XSS) vulnerability exists in the Activity module 6.x-1.x for Drupal. • http://www.openwall.com/lists/oss-security/2012/04/07/1 https://www.drupal.org/node/1506562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')