CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2013-1906
https://notcve.org/view.php?id=CVE-2013-1906
Cross-site scripting (XSS) vulnerability in the Rules module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "administer rules" permission to inject arbitrary web script or HTML via a rule tag. Vulnerabilidad XSS en el módulo Rules 7.x-2.x anterior a 7.x-2.3 para Drupal, permite a usuarios autenticados remotamente con los permisos "administrator rules" inyectar secuencias de comandos web o HTML de su elección a través de una etiqueta "rule". • http://secunia.com/advisories/52768 https://drupal.org/node/1954508 https://drupal.org/node/1954592 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2013-1905
https://notcve.org/view.php?id=CVE-2013-1905
Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidades de secuencias de comandos entre sitios múltiples (XSS) en el tema Zero Point v7.x-1.x antes de 7.x-1.9 para Drupal que permite a atacantes remotos inyectar código web script o HTML a través de vectores sin especificar. • http://drupal.org/node/1954588 http://osvdb.org/91745 http://packetstormsecurity.com/files/120985/Drupal-Zero-Point-7.x-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2013/Mar/241 http://secunia.com/advisories/52775 http://www.securityfocus.com/bid/58758 https://drupal.org/node/1953840 https://exchange.xforce.ibmcloud.com/vulnerabilities/83137 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0CVE-2013-1887
https://notcve.org/view.php?id=CVE-2013-1887
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el modulo Views v7.x-3.x anterior a v7.x-3.6 para Drupal permite a usuarios autenticados remotamente con algunos permisos inyectar secuencias de comandos web o HTML a través de ciertos campos de la vista de configuración. • http://drupal.org/node/1948354 http://drupal.org/node/1948358 http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2013/Mar/193 http://secunia.com/advisories/51540 http://www.openwall.com/lists/oss-security/2013/03/22/8 http://www.openwall.com/lists/oss-security/2013/03/25/4 http://www.osvdb.org/91576 http://www.securit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 0%CPEs: 17EXPL: 0CVE-2013-0181
https://notcve.org/view.php?id=CVE-2013-0181
Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Views en el API Search (search_api) módulo v7.x-1.x antes de v7.x-1.4 para Drupal, cuando se utilizan backends o ciertas facetas, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la entrada no especificada,lo que se devuelve un mensaje de error. • http://drupalcode.org/project/search_api.git/commitdiff/35b5728 http://osvdb.org/89117 http://secunia.com/advisories/51806 http://www.openwall.com/lists/oss-security/2013/01/15/3 http://www.securityfocus.com/bid/57231 https://drupal.org/node/1884076 https://drupal.org/node/1884332 https://exchange.xforce.ibmcloud.com/vulnerabilities/81153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1787
https://notcve.org/view.php?id=CVE-2013-1787
Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Simple Corporate theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la "galería de 3 diapositivas" del tema Simple Corporate anterior a v7.x-1.4 para Drupal permite a usuarios remotos autenticados con permisos para administrar temas inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1730786 http://drupal.org/node/1929514 http://drupalcode.org/project/corporate.git/commitdiff/679a1d3 http://www.openwall.com/lists/oss-security/2013/02/28/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •