CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module.

• http://drupalcode.org/project/scald.git/commitdiff/32db1ee
• http://osvdb.org/95625
• http://seclists.org/fulldisclosure/2013/Jul/224
• http://secunia.com/advisories/54144
• http://www.securityfocus.com/bid/61426
• https://drupal.org/node/2049251
• https://drupal.org/node/2049415
• https://exchange.xforce.ibmcloud.com/vulnerabilities/85964
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 2.1 • EPSS: 0% • CPEs: 11 • EXPL: 0

Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors.

• http://osvdb.org/95153
• http://seclists.org/fulldisclosure/2013/Jul/86
• http://secunia.com/advisories/54091
• http://www.openwall.com/lists/oss-security/2013/07/17/1
• http://www.securityfocus.com/bid/61078
• https://drupal.org/node/2031575
• https://drupal.org/node/2038807
• https://exchange.xforce.ibmcloud.com/vulnerabilities/85600
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 35 • EXPL: 0

The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.

• http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html
• http://seclists.org/fulldisclosure/2013/Jan/120
• http://seclists.org/oss-sec/2013/q1/211
• http://secunia.com/advisories/51717
• https://drupal.org/SA-CORE-2013-001
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 2.1 • EPSS: 0% • CPEs: 72 • EXPL: 0

The printer-friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to nodes that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles and possibly node content via unspecified vectors.

• http://osvdb.org/89305
• http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html
• http://seclists.org/fulldisclosure/2013/Jan/120
• http://seclists.org/oss-sec/2013/q1/211
• http://secunia.com/advisories/51717
• http://www.debian.org/security/2013/dsa-2776
• https://drupal.org/SA-CORE-2013-001
• https://exchange.xforce.ibmcloud.com/vulnerabilities/81380
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 • EPSS: 0% • CPEs: 9 • EXPL: 0

The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors.

• http://osvdb.org/93725
• http://seclists.org/fulldisclosure/2013/May/208
• http://secunia.com/advisories/53556
• http://www.openwall.com/lists/oss-security/2013/05/29/9
• http://www.securityfocus.com/bid/60209
• https://drupal.org/node/2006188
• https://drupal.org/node/2007048
• https://exchange.xforce.ibmcloud.com/vulnerabilities/84630
• CWE-264: Permissions, Privileges, and Access Controls