CVE-2013-2158
https://notcve.org/view.php?id=CVE-2013-2158
Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el modulo Services v6.x-3.x y v7.x-3.x anterior a v7.x-3.4 para Drupal permite a atacantes remotos secuestrar la autenticación de las víctimas a través de vectores no especificados desconocidos. • http://osvdb.org/93980 http://seclists.org/fulldisclosure/2013/Jun/23 http://secunia.com/advisories/53649 http://secunia.com/advisories/53661 http://www.securityfocus.com/bid/60356 https://drupal.org/node/2012366 https://drupal.org/node/2012982 https://exchange.xforce.ibmcloud.com/vulnerabilities/84791 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2012-6575
https://notcve.org/view.php?id=CVE-2012-6575
Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en el módulo Exposed Filter Data 6.x-1.x anterior a 6.x-1.2 para Drupal, lo que permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados. • http://osvdb.org/85190 https://drupal.org/node/1774636 https://drupal.org/node/1775582 https://exchange.xforce.ibmcloud.com/vulnerabilities/78316 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-6573
https://notcve.org/view.php?id=CVE-2012-6573
Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results. Múltiples vulnerabilidades de cross-site scripting (XSS) en el módulo Apache Solr Autocomplete v6.x-1.x antes de v6.x-1.4 y v7.x-1.x antes de v7.x-1.3 para Drupal que permite a atacantes remotos inyectar código arbitrario o HTML a través de vectores de autocompletado. • http://osvdb.org/85062 http://seclists.org/fulldisclosure/2013/Jun/212 http://secunia.com/advisories/50443 http://www.securityfocus.com/bid/55290 https://drupal.org/node/1762684 https://drupal.org/node/1762686 https://drupal.org/node/1762734 https://exchange.xforce.ibmcloud.com/vulnerabilities/78153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-1971
https://notcve.org/view.php?id=CVE-2013-1971
Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file. Múltiples vulnerabilidades de cross-site scripting (XSS) en el módulo MP3 Player para Drupal v6.x que permite a usuarios autenticados remotamente inyectar código script o HTML a través del nombre del fichero MP3. • http://www.securityfocus.com/bid/59276 https://drupal.org/node/1972804 https://exchange.xforce.ibmcloud.com/vulnerabilities/83649 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-2036
https://notcve.org/view.php?id=CVE-2013-2036
Cross-site scripting (XSS) vulnerability in the Filebrowser module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "lists of files." Vulnerabilidad XSS en el módulo Filebrowser 6.x-2.x anterior 6.x-1.1 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados relacionados con una lista de archivos. • http://secunia.com/advisories/53228 https://drupal.org/node/1983356 https://drupal.org/node/1984212 https://exchange.xforce.ibmcloud.com/vulnerabilities/83986 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •