
CVSS: 2.1 • EPSS: 0% • CPEs: 40 • EXPL: 0

Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field. • http://www.debian.org/security/2013/dsa-2804 http://www.openwall.com/lists/oss-security/2013/11/22/4 https://drupal.org/SA-CORE-2013-003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 40 • EXPL: 0

Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS. • http://www.debian.org/security/2013/dsa-2804 http://www.openwall.com/lists/oss-security/2013/11/22/4 https://drupal.org/SA-CORE-2013-003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.8 • EPSS: 0% • CPEs: 40 • EXPL: 0

Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. • http://www.debian.org/security/2013/dsa-2804 http://www.openwall.com/lists/oss-security/2013/11/22/4 https://drupal.org/SA-CORE-2013-003 • CWE-20: Improper Input Validation

CVSS: 3.5 • EPSS: 0% • CPEs: 27 • EXPL: 0

The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors. • https://drupal.org/node/1425084 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 2.6 • EPSS: 0% • CPEs: 72 • EXPL: 0

Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements. • http://osvdb.org/89306 http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html http://seclists.org/fulldisclosure/2013/Jan/120 http://seclists.org/oss-sec/2013/q1/211 http://www.debian.org/security/2013/dsa-2776 https://drupal.org/SA-CORE-2013-001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')