CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2013-4384
https://notcve.org/view.php?id=CVE-2013-4384
Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API. Vulnerabilidad de XSS en el módulo Google Site Search 6.x-1.x anterior a la versión 6.x-1.4 y 7.x-1.x anterior a 7.x-1.10 para Drupal permite a atacantes remotos inyectar script web arbitrario o HTML, provocando que datos diseñados sean devueltos por la API de Google. • http://osvdb.org/97503 http://www.securityfocus.com/bid/62495 https://drupal.org/node/2092395 https://exchange.xforce.ibmcloud.com/vulnerabilities/87285 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2013-4272
https://notcve.org/view.php?id=CVE-2013-4272
The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file. El módulo BOTCHA Spam Prevention v7.x-1.x anterior a v7.x-1.6, v7.x-2.x anterior a v7.x-2.1, y v7.x-3.x anterior a v7.x-3.3 para Drupal, cuando el nivel de depuración se establece en 5 o 6, registra el contenido de los formularios enviados, lo que permite a los usuarios dependientes del contexto obtener información confidencial, como nombres de usuario y las contraseñas mediante la lectura del archivo de registro. • http://www.openwall.com/lists/oss-security/2013/08/22/2 https://drupal.org/node/2064781 https://drupal.org/node/2064783 https://drupal.org/node/2064785 https://drupal.org/node/2065057 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 2.1EPSS: 0%CPEs: 27EXPL: 1CVE-2013-4274
https://notcve.org/view.php?id=CVE-2013-4274
Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer policies" permission to inject arbitrary web script or HTML via the "Password Expiration Warning" field to the admin/config/people/password_policy/add page. Vulnerabilidad Cross-site scripting (XSS) en la función password_policy_admin_view en password_policy.admin.inc en el módulo Password Policy v6.x-1.x anterior a v6.x-1.6 y v7.x-1.x anterior a v7.x-1.5 para Drupal, lo que permite a usuarios remotos autenticados con el permiso "Administer policies" inyectar secuencias de comandos web o HTML arbitrarias a través del campo "Password Expiration Warning" en la página admin/config/people/password_policy/add. • http://www.madirish.net/557 http://www.openwall.com/lists/oss-security/2013/08/22/2 http://www.securityfocus.com/bid/61780 https://drupal.org/node/2065241 https://drupal.org/node/2065387 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 1CVE-2013-4229
https://notcve.org/view.php?id=CVE-2013-4229
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings. Vulnerabilidad Cross-site scripting (XSS) en el modulo Monster Menus v7.x-1.x anterior a v7.x-1.12 para Drupal permite a los usuarios remotos autenticados con permisos para añadir páginas, inyectar secuencias de comandos web o HTML a través de un título en la página de configuración. • http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc http://secunia.com/advisories/54391 http://www.openwall.com/lists/oss-security/2013/08/10/1 http://www.securityfocus.com/bid/61710 https://drupal.org/node/2059789 https://drupal.org/node/2059823 https://exchange.xforce.ibmcloud.com/vulnerabilities/86327 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 42EXPL: 0CVE-2013-4230
https://notcve.org/view.php?id=CVE-2013-4230
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors. El submodulo mm_webform en el modulo Monster Menus v6.x-6.x anterior a v6.x-6.61 y v7.x-1.x anterior a v7.x-1.13 para Drupal no restringe adecuadamente el acceso a envíos en formularios web, lo que permite a usuarios remotos autenticados con el permiso "Who can read data submitted to this webform" eliminar envíos arbitrarios mediante vectores no especificados. • http://secunia.com/advisories/54391 http://www.openwall.com/lists/oss-security/2013/08/10/1 http://www.securityfocus.com/bid/61711 https://drupal.org/node/2059805 https://drupal.org/node/2059807 https://drupal.org/node/2059823 https://exchange.xforce.ibmcloud.com/vulnerabilities/86326 • CWE-264: Permissions, Privileges, and Access Controls •