CVSS: 2.1EPSS: 0%CPEs: 17EXPL: 0CVE-2013-2715
https://notcve.org/view.php?id=CVE-2013-2715
Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el modulo Search API (search_api) v7.x-1.x anterior a v7.x-1.4 para Drupal permite a usuarios remotos autenticados con cierta permisos para inyectar secuencias de comandos web o HTML a través de la modificación del campo "name". • http://drupalcode.org/project/search_api.git/commitdiff/d22cf53 http://osvdb.org/89116 http://secunia.com/advisories/51806 http://www.openwall.com/lists/oss-security/2013/01/15/3 https://drupal.org/node/1884076 https://drupal.org/node/1884332 https://exchange.xforce.ibmcloud.com/vulnerabilities/81154 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0CVE-2013-1782
https://notcve.org/view.php?id=CVE-2013-1782
Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el tema Responsive Blog v7.x-1.x anterior a v7.x-1.6 para Drupal permite a usuarios remotos autenticados con permisos para administrar temas inyectar secuencias de comandos web o HTML a través de vectores relacionados con los iconos sociales. • http://drupal.org/node/1929396 http://drupal.org/node/1929488 http://drupalcode.org/project/responsive_blog.git/commitdiff/ce47de9 http://osvdb.org/90688 http://secunia.com/advisories/52423 http://www.openwall.com/lists/oss-security/2013/02/28/3 http://www.securityfocus.com/bid/58218 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 0%CPEs: 17EXPL: 0CVE-2013-0181
https://notcve.org/view.php?id=CVE-2013-0181
Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Views en el API Search (search_api) módulo v7.x-1.x antes de v7.x-1.4 para Drupal, cuando se utilizan backends o ciertas facetas, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la entrada no especificada,lo que se devuelve un mensaje de error. • http://drupalcode.org/project/search_api.git/commitdiff/35b5728 http://osvdb.org/89117 http://secunia.com/advisories/51806 http://www.openwall.com/lists/oss-security/2013/01/15/3 http://www.securityfocus.com/bid/57231 https://drupal.org/node/1884076 https://drupal.org/node/1884332 https://exchange.xforce.ibmcloud.com/vulnerabilities/81153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-0258
https://notcve.org/view.php?id=CVE-2013-0258
The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username. El módulo Google Authenticator login (ga_login) v7.x antes v7.x-1.3 para Drupal, cuando la autenticación multi-factor está activada, permite a atacantes remotos evitar la autenticación para las cuentas sin un token Autenticador asociado Google inicia la sesión con el nombre de usuario. • http://drupal.org/node/1902102 http://drupal.org/node/1903282 http://drupalcode.org/project/ga_login.git/commitdiff/50b032d http://www.openwall.com/lists/oss-security/2013/02/05/1 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 0%CPEs: 36EXPL: 0CVE-2013-0316
https://notcve.org/view.php?id=CVE-2013-0316
The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests. El módulo Image en Drupal v7.x antes v7.20 permite a atacantes remotos provocar una denegación de servicio (CPU y el consumo de espacio en disco) a través de un gran número de nuevas solicitudes derivantes . • http://drupal.org/SA-CORE-2013-002 http://www.openwall.com/lists/oss-security/2013/02/21/5 • CWE-399: Resource Management Errors •