CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 0CVE-2013-0246
https://notcve.org/view.php?id=CVE-2013-0246
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors. El módulo Image en Drupal v7.x anterior a v7.19, cuando un sistema de ficheros privado es utilizado, no restringe adecuadamente el acceso a imágenes derivadas, lo que permite a atacantes remotos leer imágenes derivadas de imágenes restringidas a través de vectores no especificados. • http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html http://seclists.org/fulldisclosure/2013/Jan/120 http://seclists.org/oss-sec/2013/q1/211 http://secunia.com/advisories/51717 https://drupal.org/SA-CORE-2013-001 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2012-6574
https://notcve.org/view.php?id=CVE-2012-6574
Cross-site scripting (XSS) vulnerability in the Fonecta verify module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en el módulo Fonecta verify 7.x-1.x anterior a 7.x-1.6 para Drupal, lo que permite a atacantes remotos desde diferentes orígenes inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados. • http://www.securityfocus.com/bid/55614 https://drupal.org/node/1778782 https://drupal.org/node/1789258 https://exchange.xforce.ibmcloud.com/vulnerabilities/78699 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2012-6573
https://notcve.org/view.php?id=CVE-2012-6573
Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results. Múltiples vulnerabilidades de cross-site scripting (XSS) en el módulo Apache Solr Autocomplete v6.x-1.x antes de v6.x-1.4 y v7.x-1.x antes de v7.x-1.3 para Drupal que permite a atacantes remotos inyectar código arbitrario o HTML a través de vectores de autocompletado. • http://osvdb.org/85062 http://seclists.org/fulldisclosure/2013/Jun/212 http://secunia.com/advisories/50443 http://www.securityfocus.com/bid/55290 https://drupal.org/node/1762684 https://drupal.org/node/1762686 https://drupal.org/node/1762734 https://exchange.xforce.ibmcloud.com/vulnerabilities/78153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2013-1905
https://notcve.org/view.php?id=CVE-2013-1905
Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidades de secuencias de comandos entre sitios múltiples (XSS) en el tema Zero Point v7.x-1.x antes de 7.x-1.9 para Drupal que permite a atacantes remotos inyectar código web script o HTML a través de vectores sin especificar. • http://drupal.org/node/1954588 http://osvdb.org/91745 http://packetstormsecurity.com/files/120985/Drupal-Zero-Point-7.x-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2013/Mar/241 http://secunia.com/advisories/52775 http://www.securityfocus.com/bid/58758 https://drupal.org/node/1953840 https://exchange.xforce.ibmcloud.com/vulnerabilities/83137 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 11EXPL: 0CVE-2013-1783
https://notcve.org/view.php?id=CVE-2013-1783
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la "galería de 3 diapositivas" en la pagina front.tpl.php del tema Business anterior a v7.x-1.8 para Drupal permite a usuarios remotos autenticados con permisos para administrar temas inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1723246 http://drupal.org/node/1929496 http://drupalcode.org/project/business.git/commitdiff/02f081f http://osvdb.org/90685 http://secunia.com/advisories/52424 http://www.openwall.com/lists/oss-security/2013/02/28/3 http://www.securityfocus.com/bid/58216 https://exchange.xforce.ibmcloud.com/vulnerabilities/82460 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •