CVSS: 2.1EPSS: 0%CPEs: 13EXPL: 0CVE-2012-5538
https://notcve.org/view.php?id=CVE-2012-5538
Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo FileField v6.x-1.x antes de v6.x-1.6 y v7.x-1.x antes de v7.x-1.6 para Drupal, cuando el campo tiene fuente "Referencia existente" activado, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través del nombre de archivo de un archivo cargado. • http://drupal.org/node/1789300 http://drupal.org/node/1789302 http://drupal.org/node/1789306 http://www.openwall.com/lists/oss-security/2012/11/20/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 12EXPL: 0CVE-2012-5539
https://notcve.org/view.php?id=CVE-2012-5539
The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved. El módulo Organic Groups (OG) v7.x-1.x antes de v7.x-1.5 para Drupal no mantiene adecuadamente las membresías de grupo pendientes, lo que permite a usuarios autenticados remotamente postear en grupos de su elección modificando su propia cuente cuando hay una membresía pendiente de aprobación. • http://drupal.org/node/1795906 http://drupal.org/node/1796036 http://www.openwall.com/lists/oss-security/2012/11/20/4 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 98EXPL: 0CVE-2012-5553
https://notcve.org/view.php?id=CVE-2012-5553
Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script or HTML via the (1) Menu Title (2) Link Title, (3) Path Query, (4) Anchor, or (5) vocabulary names. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo OM Maximanu v6.x-1.x antes de v6.x-1.44 y v7.x-1.x antes de v7.x-1.44 para Drupal permite a usuarios autenticados remotamente con permisos "administer OM Maximenu" inyectar secuencias de comandos web o HTML a través de (1) Menu Title (2) Link Title, (3) Path Query, (4) Anchor, o (5) nombres de vocabulario. • http://drupal.org/node/1834046 http://drupal.org/node/1834048 http://drupal.org/node/1834866 http://www.madirish.net/551 http://www.openwall.com/lists/oss-security/2012/11/20/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 30EXPL: 0CVE-2012-2084
https://notcve.org/view.php?id=CVE-2012-2084
Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATH_INFO. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo de impresión, correo electrónico y PDF versiones 6.x-1.x antes de 6.x-1.15 y 7.x-1.x antes 7.x-1.0 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través vectores no especificados, probablemente el PATH_INFO. • http://drupal.org/node/1515060 http://drupal.org/node/1515076 http://drupal.org/node/1515722 http://drupalcode.org/project/print.git/commit/30480e0 http://drupalcode.org/project/print.git/commit/6771c3f http://secunia.com/advisories/48625 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52896 https://exchange.xforce.ibmcloud.com/vulnerabilities/74611 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 31EXPL: 0CVE-2012-4553
https://notcve.org/view.php?id=CVE-2012-4553
Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions." Drupal v7.x antes de v7.16 permite a atacantes remotos obtener información sensible y posiblemente reinstalar Drupal y ejecutar código PHP arbitrario a través de un servidor de base de datos externa, relacionado con "las condiciones transitorias". • http://drupal.org/node/1815904 http://drupal.org/node/1815912 http://drupalcode.org/project/drupal.git/commit/b912710 http://www.openwall.com/lists/oss-security/2012/10/29/4 http://www.openwall.com/lists/oss-security/2012/10/30/5 • CWE-264: Permissions, Privileges, and Access Controls •