Page 19 of 151 results (0.007 seconds)

CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0

Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors. Vulnerabilidad no especificada en el módulo para drupal Userpoints v6.x anteriores a 6.x-1.1, permite a usuarios remotos autenticado, con permisos "View own userpoints", leer los datos de puntos de usuario de usuarios de su elección a través de vectores de ataque desconocidos. • http://drupal.org/node/610818 http://drupal.org/node/610828 http://osvdb.org/59124 http://secunia.com/advisories/37123 http://www.securityfocus.com/bid/36786 http://www.vupen.com/english/advisories/2009/2998 https://exchange.xforce.ibmcloud.com/vulnerabilities/53896 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0

Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de redirección abierta en el módulo para drupal Simplenews Statistics v6.x anteriores a v6.x-2.0, permite a atacantes remotos redireccionar a usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través de vectores no especificados. • http://drupal.org/node/590098 http://drupal.org/node/611002 http://secunia.com/advisories/37128 http://www.securityfocus.com/bid/36790 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el módulo de Drupal Simplenews Statistics v6.x anteriores a v6.x-2.0, permite a atacantes remotos secuestras la autenticación de usuarios de su elección a través de vectores desconocidos. • http://drupal.org/node/590098 http://drupal.org/node/611002 http://secunia.com/advisories/37128 http://www.securityfocus.com/bid/36790 https://exchange.xforce.ibmcloud.com/vulnerabilities/53906 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo para Drupal vCard v5.x anteriores a v5.x-1.4 y v6.x anteriores a v6.x-1.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, relativos a añadir la función theme_vcard. • http://drupal.org/node/610416 http://drupal.org/node/610420 http://drupal.org/node/610996 http://secunia.com/advisories/37127 http://www.securityfocus.com/bid/36789 http://www.vupen.com/english/advisories/2009/3002 https://exchange.xforce.ibmcloud.com/vulnerabilities/53903 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Cross-site scripting (XSS) vulnerability in the "Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la opción "Monitor Browsers" del módulo de Drupal "Browscap" antes de v5.x-1.1 y v6.x-1.1, permite a atacantes remotos inyectar HTML o scripts web a través de la cabecera HTTP User-Agent. • http://drupal.org/node/592262 http://drupal.org/node/592264 http://drupal.org/node/592272 http://osvdb.org/58444 http://secunia.com/advisories/36912 http://www.securityfocus.com/bid/36557 https://exchange.xforce.ibmcloud.com/vulnerabilities/53571 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •