CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2012-6573
https://notcve.org/view.php?id=CVE-2012-6573
Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results. Múltiples vulnerabilidades de cross-site scripting (XSS) en el módulo Apache Solr Autocomplete v6.x-1.x antes de v6.x-1.4 y v7.x-1.x antes de v7.x-1.3 para Drupal que permite a atacantes remotos inyectar código arbitrario o HTML a través de vectores de autocompletado. • http://osvdb.org/85062 http://seclists.org/fulldisclosure/2013/Jun/212 http://secunia.com/advisories/50443 http://www.securityfocus.com/bid/55290 https://drupal.org/node/1762684 https://drupal.org/node/1762686 https://drupal.org/node/1762734 https://exchange.xforce.ibmcloud.com/vulnerabilities/78153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2013-1905
https://notcve.org/view.php?id=CVE-2013-1905
Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidades de secuencias de comandos entre sitios múltiples (XSS) en el tema Zero Point v7.x-1.x antes de 7.x-1.9 para Drupal que permite a atacantes remotos inyectar código web script o HTML a través de vectores sin especificar. • http://drupal.org/node/1954588 http://osvdb.org/91745 http://packetstormsecurity.com/files/120985/Drupal-Zero-Point-7.x-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2013/Mar/241 http://secunia.com/advisories/52775 http://www.securityfocus.com/bid/58758 https://drupal.org/node/1953840 https://exchange.xforce.ibmcloud.com/vulnerabilities/83137 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 11EXPL: 0CVE-2013-1783
https://notcve.org/view.php?id=CVE-2013-1783
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la "galería de 3 diapositivas" en la pagina front.tpl.php del tema Business anterior a v7.x-1.8 para Drupal permite a usuarios remotos autenticados con permisos para administrar temas inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1723246 http://drupal.org/node/1929496 http://drupalcode.org/project/business.git/commitdiff/02f081f http://osvdb.org/90685 http://secunia.com/advisories/52424 http://www.openwall.com/lists/oss-security/2013/02/28/3 http://www.securityfocus.com/bid/58216 https://exchange.xforce.ibmcloud.com/vulnerabilities/82460 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 17EXPL: 0CVE-2013-2715
https://notcve.org/view.php?id=CVE-2013-2715
Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el modulo Search API (search_api) v7.x-1.x anterior a v7.x-1.4 para Drupal permite a usuarios remotos autenticados con cierta permisos para inyectar secuencias de comandos web o HTML a través de la modificación del campo "name". • http://drupalcode.org/project/search_api.git/commitdiff/d22cf53 http://osvdb.org/89116 http://secunia.com/advisories/51806 http://www.openwall.com/lists/oss-security/2013/01/15/3 https://drupal.org/node/1884076 https://drupal.org/node/1884332 https://exchange.xforce.ibmcloud.com/vulnerabilities/81154 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0CVE-2013-1782
https://notcve.org/view.php?id=CVE-2013-1782
Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el tema Responsive Blog v7.x-1.x anterior a v7.x-1.6 para Drupal permite a usuarios remotos autenticados con permisos para administrar temas inyectar secuencias de comandos web o HTML a través de vectores relacionados con los iconos sociales. • http://drupal.org/node/1929396 http://drupal.org/node/1929488 http://drupalcode.org/project/responsive_blog.git/commitdiff/ce47de9 http://osvdb.org/90688 http://secunia.com/advisories/52423 http://www.openwall.com/lists/oss-security/2013/02/28/3 http://www.securityfocus.com/bid/58218 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •