CVSS: 2.1EPSS: 0%CPEs: 59EXPL: 0CVE-2013-4380
https://notcve.org/view.php?id=CVE-2013-4380
Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer mediafront" permission to inject arbitrary web script or HTML via the preset settings. Vulnerabilidad de XSS en el módulo MediaFront 6.x-1.x anterior a 6.x-1.6, 7.x-1.x anterior a 7.x-1.6 y 7.x-2.x anterior a 7.x-2.1 para Drupal permite a usuarios remotos autenticados con el permiso 'administrar mediafront' inyectar secuencias de comandos web o HTML arbitrarios a través de las configuraciones predefinidas. • http://www.openwall.com/lists/oss-security/2013/09/27/6 https://drupal.org/node/2086187 https://drupal.org/node/2086189 https://drupal.org/node/2086191 https://drupal.org/node/2087051 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 19EXPL: 0CVE-2013-4502
https://notcve.org/view.php?id=CVE-2013-4502
The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by attaching a file. El módulo FileField Sources 6.x-1.x anterior a 6.x-1.9 y 7.x-1.x anterior a 7.x-1.9 para Drupal no comprueba debidamente permisos de archivos, lo que permite a usuarios remotos autenticados leer archivos arbitrarios al ajuntar un archivo. • http://seclists.org/oss-sec/2013/q4/210 https://drupal.org/node/2124217 https://drupal.org/node/2124219 https://drupal.org/node/2124241 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.6EPSS: 0%CPEs: 17EXPL: 0CVE-2013-4504
https://notcve.org/view.php?id=CVE-2013-4504
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL. El módulo Monster Menus 7.x-1.x anterior a 7.x-1.15 permite a atacantes remotos leer comentarios de nodo arbitrarios a través de una URL manipulada. • http://seclists.org/oss-sec/2013/q4/210 https://drupal.org/node/2123287 https://drupal.org/node/2124289 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2014-2983
https://notcve.org/view.php?id=CVE-2014-2983
Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors. Drupal 6.x anterior a 6.31 y 7.x anterior a 7.27 no aísla debidamente los datos en caché de usuarios anónimos diferentes, lo que permite a usuarios remotos anónimos obtener información sensible de entradas de formularios parciales en situaciones oportunistas a través de vectores no especificados. • http://www.debian.org/security/2014/dsa-2913 http://www.debian.org/security/2014/dsa-2914 http://www.openwall.com/lists/oss-security/2014/04/22/2 https://drupal.org/SA-CORE-2014-002 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 68EXPL: 0CVE-2014-1475
https://notcve.org/view.php?id=CVE-2014-1475
The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors. El módulo OpenID en Drupal v6.x anterior a v6.30 y v7.x anterior a v7.26 permite a usuarios OpenID remotos autenticarse como otros usuarios a través de vectores no especificados. • http://secunia.com/advisories/56260 http://secunia.com/advisories/56601 http://www.debian.org/security/2014/dsa-2847 http://www.debian.org/security/2014/dsa-2851 http://www.mandriva.com/security/advisories?name=MDVSA-2014:031 http://www.securityfocus.com/bid/64973 https://drupal.org/SA-CORE-2014-001 •