CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 1CVE-2013-4229
https://notcve.org/view.php?id=CVE-2013-4229
Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings. Vulnerabilidad Cross-site scripting (XSS) en el modulo Monster Menus v7.x-1.x anterior a v7.x-1.12 para Drupal permite a los usuarios remotos autenticados con permisos para añadir páginas, inyectar secuencias de comandos web o HTML a través de un título en la página de configuración. • http://drupalcode.org/project/monster_menus.git/blobdiff/4841dcb4e36bdc74efe4ae2459637029df929940..4adcb6b:/mm_static.inc http://secunia.com/advisories/54391 http://www.openwall.com/lists/oss-security/2013/08/10/1 http://www.securityfocus.com/bid/61710 https://drupal.org/node/2059789 https://drupal.org/node/2059823 https://exchange.xforce.ibmcloud.com/vulnerabilities/86327 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 42EXPL: 0CVE-2013-4230
https://notcve.org/view.php?id=CVE-2013-4230
The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors. El submodulo mm_webform en el modulo Monster Menus v6.x-6.x anterior a v6.x-6.61 y v7.x-1.x anterior a v7.x-1.13 para Drupal no restringe adecuadamente el acceso a envíos en formularios web, lo que permite a usuarios remotos autenticados con el permiso "Who can read data submitted to this webform" eliminar envíos arbitrarios mediante vectores no especificados. • http://secunia.com/advisories/54391 http://www.openwall.com/lists/oss-security/2013/08/10/1 http://www.securityfocus.com/bid/61711 https://drupal.org/node/2059805 https://drupal.org/node/2059807 https://drupal.org/node/2059823 https://exchange.xforce.ibmcloud.com/vulnerabilities/86326 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 11EXPL: 0CVE-2013-4140
https://notcve.org/view.php?id=CVE-2013-4140
Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en el módulo TinyBox (Simple Splash) 7.x-2.2 para Drupal, permite a usuarios autenticados remotamente con permisos de "administración de tynibox", inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://osvdb.org/95153 http://seclists.org/fulldisclosure/2013/Jul/86 http://secunia.com/advisories/54091 http://www.openwall.com/lists/oss-security/2013/07/17/1 http://www.securityfocus.com/bid/61078 https://drupal.org/node/2031575 https://drupal.org/node/2038807 https://exchange.xforce.ibmcloud.com/vulnerabilities/85600 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2013-2122
https://notcve.org/view.php?id=CVE-2013-2122
The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors. El módulo Edit Limit v7.x-1.x anterior a v7.x-1.3 para Drupal no restringe adecuadamente el acceso a los comentarios, permitiendo a usuarios remotos autenticados con los permisos "edit comments" editar los comentarios arbitrarias de otros usuarios a través de vectores no especificados. • http://osvdb.org/93725 http://seclists.org/fulldisclosure/2013/May/208 http://secunia.com/advisories/53556 http://www.openwall.com/lists/oss-security/2013/05/29/9 http://www.securityfocus.com/bid/60209 https://drupal.org/node/2006188 https://drupal.org/node/2007048 https://exchange.xforce.ibmcloud.com/vulnerabilities/84630 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 72EXPL: 0CVE-2013-0245
https://notcve.org/view.php?id=CVE-2013-0245
The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles and possibly node content via unspecified vectors. La versión amigable de la funcionalidad de impresión del módulo Book para Drupal no restringe adecuadamente el acceso al nodo del que es parte del esquema del módulo Book, lo que permite a usuarios autenticados remotamente con acceso a esta aplicación, permiso de lectura sobre los títulos y posiblemente al contenido del nodo a través de vectores no especificados. • http://osvdb.org/89305 http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html http://seclists.org/fulldisclosure/2013/Jan/120 http://seclists.org/oss-sec/2013/q1/211 http://secunia.com/advisories/51717 http://www.debian.org/security/2013/dsa-2776 https://drupal.org/SA-CORE-2013-001 https://exchange.xforce.ibmcloud.com/vulnerabilities/81380 • CWE-264: Permissions, Privileges, and Access Controls •