CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2013-4384
https://notcve.org/view.php?id=CVE-2013-4384
Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API. Vulnerabilidad de XSS en el módulo Google Site Search 6.x-1.x anterior a la versión 6.x-1.4 y 7.x-1.x anterior a 7.x-1.10 para Drupal permite a atacantes remotos inyectar script web arbitrario o HTML, provocando que datos diseñados sean devueltos por la API de Google. • http://osvdb.org/97503 http://www.securityfocus.com/bid/62495 https://drupal.org/node/2092395 https://exchange.xforce.ibmcloud.com/vulnerabilities/87285 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2013-2197
https://notcve.org/view.php?id=CVE-2013-2197
The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a large number of failed login attempts. El módulo Login Security v6.x-1.x anterior a v6.x-1.3 y v7.x-1.x anterior a v7.x-1.3 para Drupal, cuando se utiliza la opción de retraso de inicio de sesión, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de un gran número de intentos de conexión fallidos. • http://www.openwall.com/lists/oss-security/2013/06/20/3 https://drupal.org/node/2023503 https://drupal.org/node/2023507 https://drupal.org/node/2023585 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4138
https://notcve.org/view.php?id=CVE-2013-4138
Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en el tema Hatch v7.x-1.x anterior a v7.x-1.4 para Drupal lo que permite a usuarios remotos autenticados con los permisos "Administer content," "Create new article," o "Edit any article type content", inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2013/07/17/1 https://drupal.org/node/2038189 https://drupal.org/node/2038363 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4139
https://notcve.org/view.php?id=CVE-2013-4139
The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a denial of service (file operations performance degradation and failure) via a large number of requests. El módulo Stage File Proxy v7.x-1.x anterior a v7.x-1.4 para Drupal, lo que permite a atacantes remotos provocar una denegación de servicio (degradación del rendimiento de las operaciones de ficheros y fallos) a través de un gran número de solicitudes. • http://www.openwall.com/lists/oss-security/2013/07/17/1 https://drupal.org/node/2038799 https://drupal.org/node/2038801 •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2013-4272
https://notcve.org/view.php?id=CVE-2013-4272
The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and passwords by reading the log file. El módulo BOTCHA Spam Prevention v7.x-1.x anterior a v7.x-1.6, v7.x-2.x anterior a v7.x-2.1, y v7.x-3.x anterior a v7.x-3.3 para Drupal, cuando el nivel de depuración se establece en 5 o 6, registra el contenido de los formularios enviados, lo que permite a los usuarios dependientes del contexto obtener información confidencial, como nombres de usuario y las contraseñas mediante la lectura del archivo de registro. • http://www.openwall.com/lists/oss-security/2013/08/22/2 https://drupal.org/node/2064781 https://drupal.org/node/2064783 https://drupal.org/node/2064785 https://drupal.org/node/2065057 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •