CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2013-1972
https://notcve.org/view.php?id=CVE-2013-1972
Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors. Vulnerabilidad CSRF en el módulo para la gestión de archivos elFinder 6.x-0.x anterior a 6.x-0.8 y 7.x-0.x anterior a 7.x-0.8 para Drupal, permite a atacantes remotos secuestrar la auntenticación de víctimas no especificadas para crear, modificar o eliminar archivos a través de vectores desconocidos. • http://archives.neohapsis.com/archives/fulldisclosure/2013-04/0237.html http://osvdb.org/92533 https://drupal.org/node/1972082 https://drupal.org/node/1972084 https://drupal.org/node/1972942 https://exchange.xforce.ibmcloud.com/vulnerabilities/83651 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 0CVE-2013-2129
https://notcve.org/view.php?id=CVE-2013-2129
Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label. Vulnerabilidad XSS en el módulo WebForm 6.x-3.x anterior 6.x-3.19 para Drupal permite a usuarios autenticados con los permisos para edit own webform content" o "edit all webform content" inyectar secuencias de comandos web o HTML arbitrarias a través de una etiqueta del componente. • http://osvdb.org/93749 http://secunia.com/advisories/53184 http://www.securityfocus.com/bid/60218 https://drupal.org/node/2007390 https://drupal.org/node/2007460 https://exchange.xforce.ibmcloud.com/vulnerabilities/84628 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2012-6572
https://notcve.org/view.php?id=CVE-2012-6572
Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función phptemplate_preprocess_node en template.php en el tema Inf08 v6.x-1.x anterior a v6.x-1.10 para Drupal, permite a atacantes remotos con el permiso "administer taxonomy" inyectar secuencias de comandos web o HTML. • http://osvdb.org/85422 http://secunia.com/advisories/50557 http://www.madirish.net/550 https://drupal.org/node/1782286 https://drupal.org/node/1782686 https://exchange.xforce.ibmcloud.com/vulnerabilities/78575 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2013-0319
https://notcve.org/view.php?id=CVE-2013-0319
Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data. Vulnerabilidad de XSS en el módulo Yandex.Metrics 6.x-1.x anterior a 6.x-1.6 y 7.x-1.x anterior a 7.x-1.5 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores que involucran al servicio de datos Yandex.Metrica. • http://drupal.org/node/1921340 http://drupal.org/node/1921342 http://drupal.org/node/1922400 http://drupalcode.org/project/yandex_metrics.git/commitdiff/290b718 http://drupalcode.org/project/yandex_metrics.git/commitdiff/80bb901 http://www.openwall.com/lists/oss-security/2013/02/21/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1859
https://notcve.org/view.php?id=CVE-2013-1859
The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors. El modulo Node Parameter Control v6.x-1.x para Drupal no restringe correctamente el acceso a las opciones de configuración, que permite a atacantes remotos leer y editar las opciones de configuración a través de vectores no especificados. • http://drupal.org/node/1942330 http://osvdb.org/91257 http://packetstormsecurity.com/files/120788/Drupal-Node-Parameter-Control-6.x-Access-Bypass.html http://seclists.org/fulldisclosure/2013/Mar/133 http://www.openwall.com/lists/oss-security/2013/03/15/2 • CWE-264: Permissions, Privileges, and Access Controls •