Page 25 of 194 results (0.009 seconds)

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or HTML via crafted a (1) Watchdog message or (2) admin setting. Multiples cross-site scripting (XSS) en el modulo Varnish v6.x-1.x anterior a v6.x-1.2 y v7.x-1.x anterior a v7.x-1.0-beta2 para Drupal permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) mensajes Watchdog o (2) configuración del administrador. • http://drupal.org/node/1922726 http://drupal.org/node/1922730 http://drupal.org/node/1922756 http://drupalcode.org/project/varnish.git/commitdiff/e6726b4 http://drupalcode.org/project/varnish.git/commitdiff/f69a62c http://www.openwall.com/lists/oss-security/2013/02/21/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.1EPSS: 0%CPEs: 11EXPL: 0

Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter. Ejecución de comandos en sitios cruzados (XSS) en el módulo Boxes v7.x-1.x antes v7.x-1.1 para Drupal que permite a usuarios remotos autenticados, con permiso para administrar o editar los permisos de las cajas, inyectar secuencias de comandos web o HTML a través del parámetro sujeto. • http://drupal.org/node/1897016 http://drupal.org/node/1903300 http://drupalcode.org/project/boxes.git/commitdiff/456ff8e http://www.openwall.com/lists/oss-security/2013/02/05/1 http://www.securityfocus.com/bid/57642 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0

Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field. Ejecución de secuencias de comandos en sitios cruzados(XSS) en el módulo Display Suite de v7.x-1.x antes v7.x-1.7 y v7.x-2.x antes v7.x-2.1 para Drupal que permite a atacantes remotos inyectar web script o HTML a través del campo de autor. • http://drupal.org/node/1922424 http://drupal.org/node/1922430 http://drupal.org/node/1922438 http://drupalcode.org/project/ds.git/commitdiff/45d490e http://drupalcode.org/project/ds.git/commitdiff/665c791 http://drupalcode.org/project/ds.git/commitdiff/90bcd8f http://www.openwall.com/lists/oss-security/2013/02/21/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0

Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Search API Sorts v7.x-1.x anterior a v7.x-1.4 para Drupal, permite a usuarios remotos autenticados con ciertos roles inyectar secuencias de comandos web o HTML a través de de campos de etiquetas no especificados. • http://drupalcode.org/project/search_api_sorts.git/commitdiff/f6cbf47 http://www.openwall.com/lists/oss-security/2013/01/25/4 https://drupal.org/node/1896756 https://drupal.org/node/1896782 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.1EPSS: 0%CPEs: 28EXPL: 0

Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject arbitrary web script or HTML via a relationship name. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo User Relationships v6.x-1.x anterior a v6.x-1.4 y v7.x-1.x anterior a v7.x-1.0-alpha5 para Drupal, permite a usuarios remotos autenticados con el permiso "administrar las relaciones de usuario" inyectar secuencias de comandos web o HTML a través de un nombre de relación. • http://drupalcode.org/project/user_relationships.git/commitdiff/17e94b9 http://drupalcode.org/project/user_relationships.git/commitdiff/b9a4739 http://www.openwall.com/lists/oss-security/2013/01/25/4 https://drupal.org/node/1896272 https://drupal.org/node/1896276 https://drupal.org/node/1896720 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •