CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0CVE-2013-1785
https://notcve.org/view.php?id=CVE-2013-1785
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la "galería de 3 diapositivas" del tema Premium Responsive anterior a v7.x-1.4 para Drupal permite a usuarios remotos autenticados con permisos para administrar temas inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1730752 http://drupal.org/node/1929508 http://drupalcode.org/project/responsive.git/commitdiff/1c6fa91 http://drupalcode.org/project/responsive.git/commitdiff/6b593ff http://www.openwall.com/lists/oss-security/2013/02/28/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2013-0323
https://notcve.org/view.php?id=CVE-2013-0323
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field. Ejecución de secuencias de comandos en sitios cruzados(XSS) en el módulo Display Suite de v7.x-1.x antes v7.x-1.7 y v7.x-2.x antes v7.x-2.1 para Drupal que permite a atacantes remotos inyectar web script o HTML a través del campo de autor. • http://drupal.org/node/1922424 http://drupal.org/node/1922430 http://drupal.org/node/1922438 http://drupalcode.org/project/ds.git/commitdiff/45d490e http://drupalcode.org/project/ds.git/commitdiff/665c791 http://drupalcode.org/project/ds.git/commitdiff/90bcd8f http://www.openwall.com/lists/oss-security/2013/02/21/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-0227
https://notcve.org/view.php?id=CVE-2013-0227
Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Search API Sorts v7.x-1.x anterior a v7.x-1.4 para Drupal, permite a usuarios remotos autenticados con ciertos roles inyectar secuencias de comandos web o HTML a través de de campos de etiquetas no especificados. • http://drupalcode.org/project/search_api_sorts.git/commitdiff/f6cbf47 http://www.openwall.com/lists/oss-security/2013/01/25/4 https://drupal.org/node/1896756 https://drupal.org/node/1896782 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 28EXPL: 0CVE-2013-0225
https://notcve.org/view.php?id=CVE-2013-0225
Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web script or HTML via a relationship name. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo User Relationships v6.x-1.x anterior a v6.x-1.4 y v7.x-1.x anterior a v7.x-1.0-alpha5 para Drupal, permite a usuarios remotos autenticados con el permiso "administrar las relaciones de usuario" inyectar secuencias de comandos web o HTML a través de un nombre de relación. • http://drupalcode.org/project/user_relationships.git/commitdiff/17e94b9 http://drupalcode.org/project/user_relationships.git/commitdiff/b9a4739 http://www.openwall.com/lists/oss-security/2013/01/25/4 https://drupal.org/node/1896272 https://drupal.org/node/1896276 https://drupal.org/node/1896720 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-0205
https://notcve.org/view.php?id=CVE-2013-0205
Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el módulo RESTful Web Services (restws) v7.x-1.x anterior a v7.x-1.2 y v7.x-2.x anterior a v7.x-2.0-alpha4 para Drupal, permite a atacantes remotos secuestrar la autenticación de usuarios de su elección a traves de vectores desconocidos. • http://www.openwall.com/lists/oss-security/2013/01/21/5 https://drupal.org/node/1890212 https://drupal.org/node/1890216 https://drupal.org/node/1890222 • CWE-352: Cross-Site Request Forgery (CSRF) •