NotCVE - vendor:"Drupal" product:"Drupal" version:"7.x-1.0"

Page 19 of 194 results (0.009 seconds)

CVSS: 2.1EPSS: 0%CPEs: 27EXPL: 1

CVE-2013-4274

https://notcve.org/view.php?id=CVE-2013-4274

Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer policies" permission to inject arbitrary web script or HTML via the "Password Expiration Warning" field to the admin/config/people/password_policy/add page. Vulnerabilidad Cross-site scripting (XSS) en la función password_policy_admin_view en password_policy.admin.inc en el módulo Password Policy v6.x-1.x anterior a v6.x-1.6 y v7.x-1.x anterior a v7.x-1.5 para Drupal, lo que permite a usuarios remotos autenticados con el permiso "Administer policies" inyectar secuencias de comandos web o HTML arbitrarias a través del campo "Password Expiration Warning" en la página admin/config/people/password_policy/add. • http://www.madirish.net/557 http://www.openwall.com/lists/oss-security/2013/08/22/2 http://www.securityfocus.com/bid/61780 https://drupal.org/node/2065241 https://drupal.org/node/2065387 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 1

CVE-2013-4229

https://notcve.org/view.php?id=CVE-2013-4229

Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings. Vulnerabilidad Cross-site scripting (XSS) en el modulo Monster Menus v7.x-1.x anterior a v7.x-1.12 para Drupal permite a los usuarios remotos autenticados con permisos para añadir páginas, inyectar secuencias de comandos web o HTML a través de un título en la página de configuración. • http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc http://secunia.com/advisories/54391 http://www.openwall.com/lists/oss-security/2013/08/10/1 http://www.securityfocus.com/bid/61710 https://drupal.org/node/2059789 https://drupal.org/node/2059823 https://exchange.xforce.ibmcloud.com/vulnerabilities/86327 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.0EPSS: 0%CPEs: 42EXPL: 0

CVE-2013-4230

https://notcve.org/view.php?id=CVE-2013-4230

The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors. El submodulo mm_webform en el modulo Monster Menus v6.x-6.x anterior a v6.x-6.61 y v7.x-1.x anterior a v7.x-1.13 para Drupal no restringe adecuadamente el acceso a envíos en formularios web, lo que permite a usuarios remotos autenticados con el permiso "Who can read data submitted to this webform" eliminar envíos arbitrarios mediante vectores no especificados. • http://secunia.com/advisories/54391 http://www.openwall.com/lists/oss-security/2013/08/10/1 http://www.securityfocus.com/bid/61711 https://drupal.org/node/2059805 https://drupal.org/node/2059807 https://drupal.org/node/2059823 https://exchange.xforce.ibmcloud.com/vulnerabilities/86326 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.6EPSS: 0%CPEs: 9EXPL: 0

CVE-2012-6582

https://notcve.org/view.php?id=CVE-2012-6582

Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via a stopforumspam.com API response, which is logged by the watchdog. Vulnerabilidad XSS en el módulo Spambot 6.x-3.x anterior a 6.x-3.2 y 7.x-1.x anterior a 7.x-1.1 para Drupal, permite a determinados atacantes inyectar secuencias de comandos web o HTML arbitrarias a través de respuestas de la API stopforumspam.com cuando se ha logado por el "watchdog". • http://osvdb.org/85680 http://secunia.com/advisories/50670 http://www.securityfocus.com/bid/55613 https://drupal.org/node/1789084 https://drupal.org/node/1789086 https://drupal.org/node/1789242 https://exchange.xforce.ibmcloud.com/vulnerabilities/78701 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

CVE-2013-4174

https://notcve.org/view.php?id=CVE-2013-4174

Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module. Múltiples vulnerabilidades XSS en el módulo Scald 7.x-1.x anterior a 7.x-1.1 para Drupal, permite a tacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de (1) flash_uri, (2) flash_width, o (3) flash_height en la función scald_flash_scald_prerender en providers/scald_flash/scald_flash.module; o el (4) caption en la función scald_image_scald_prerender en providers/scald_image/scald_image.module. • http://drupalcode.org/project/scald.git/commitdiff/32db1ee http://osvdb.org/95625 http://seclists.org/fulldisclosure/2013/Jul/224 http://secunia.com/advisories/54144 http://www.securityfocus.com/bid/61426 https://drupal.org/node/2049251 https://drupal.org/node/2049415 https://exchange.xforce.ibmcloud.com/vulnerabilities/85964 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...17 18 19 20 21