CVSS: 2.1EPSS: 0%CPEs: 28EXPL: 0CVE-2013-0225
https://notcve.org/view.php?id=CVE-2013-0225
Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web script or HTML via a relationship name. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo User Relationships v6.x-1.x anterior a v6.x-1.4 y v7.x-1.x anterior a v7.x-1.0-alpha5 para Drupal, permite a usuarios remotos autenticados con el permiso "administrar las relaciones de usuario" inyectar secuencias de comandos web o HTML a través de un nombre de relación. • http://drupalcode.org/project/user_relationships.git/commitdiff/17e94b9 http://drupalcode.org/project/user_relationships.git/commitdiff/b9a4739 http://www.openwall.com/lists/oss-security/2013/01/25/4 https://drupal.org/node/1896272 https://drupal.org/node/1896276 https://drupal.org/node/1896720 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2013-1393
https://notcve.org/view.php?id=CVE-2013-1393
Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidades de secuencias de comandos entre sitios múltiples (XSS) en el módulo CurviCorners v6.x-1.x y v7.x-1.x para Drupal que permite a usuarios autenticados de forma remota con el permiso "administer curvycorners" inyectar secuencias de comandos web o HTML a través de vectores sin especficiar. • http://osvdb.org/89571 http://packetstormsecurity.com/files/119766/Drupal-CurvyCorners-6.x-7.x-Cross-Site-Scripting.html http://packetstormsecurity.com/files/119814/CurvyCorners-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2013/Jan/211 http://seclists.org/fulldisclosure/2013/Jan/218 http://www.csnc.ch/misc/files/advisories/CVE-2013-1393.txt http://www.securityfocus.com/bid/57526 https://drupal.org/node/1896718 https://exchange.xforce.ibmcloud.com/vulnerabilities/81499 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 1CVE-2012-5655
https://notcve.org/view.php?id=CVE-2012-5655
The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-beta6 for Drupal does not properly restrict access to block content, which allows remote attackers to obtain sensitive information via a crafted request. El módulo Context v6.x-3.x antes de v6.x-3.1 y v7.x-3.x antes de v7.x-3.0-beta6 para Drupal no restringe adecuadamente el acceso para bloquear el contenido, lo que permite a atacantes remotos obtener información sensible a través de una petición modificada. • http://drupal.org/node/1870550 http://drupalcode.org/project/context.git/commitdiff/4452bf1 http://drupalcode.org/project/context.git/commitdiff/d8bf8b6 http://secunia.com/advisories/51517 http://www.openwall.com/lists/oss-security/2012/12/20/1 http://www.securityfocus.com/bid/56993 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 70EXPL: 0CVE-2012-5651
https://notcve.org/view.php?id=CVE-2012-5651
Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results. Drupal v6.x antes de v6.27 y v7.x antes de v7.18 muestra información a los usuarios bloqueados, lo que podría permitir a atacantes remotos obtener información sensible mediante la lectura de los resultados de búsqueda. • http://drupal.org/SA-CORE-2012-004 http://drupalcode.org/project/drupal.git/commitdiff/b47f95d http://drupalcode.org/project/drupal.git/commitdiff/da8023a http://www.debian.org/security/2013/dsa-2776 http://www.mandriva.com/security/advisories?name=MDVSA-2013:074 http://www.openwall.com/lists/oss-security/2012/12/20/1 http://www.osvdb.org/88528 http://www.securityfocus.com/bid/56993 https://exchange.xforce.ibmcloud.com/vulnerabilities/80792 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 36EXPL: 0CVE-2012-5652
https://notcve.org/view.php?id=CVE-2012-5652
Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result. Drupal v6.x antes de v6.27 permite a atacantes remotos obtener información sensible acerca de los archivos subidos a través de un (1) feed RSS o (2) resultados de búsqueda. • http://drupal.org/SA-CORE-2012-004 http://drupalcode.org/project/drupal.git/commitdiff/da8023a http://osvdb.org/88527 http://secunia.com/advisories/51517 http://www.debian.org/security/2013/dsa-2776 http://www.openwall.com/lists/oss-security/2012/12/20/1 http://www.securityfocus.com/bid/56993 https://exchange.xforce.ibmcloud.com/vulnerabilities/80794 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •