CVSS: 2.1EPSS: 0%CPEs: 19EXPL: 0CVE-2012-4492
https://notcve.org/view.php?id=CVE-2012-4492
Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors to the (1) report or (2) Custom Services List page. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Shorten URLs v6.x-1.x antes de v6.x-1.13 y v7.x-1.x antes de v7.x-1.2 para Drupal, permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML a través de vectores no especificados en (1) el informe o (2) la página Custom Services List. • http://drupal.org/node/1719392 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 http://www.securityfocus.com/bid/54911 https://drupal.org/node/1719306 https://drupal.org/node/1719310 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2010-5276
https://notcve.org/view.php?id=CVE-2010-5276
The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until the user logs in again." El módulo Memcache v5.x antes de v5.x-1.10 y v6.x antes de v6.x-1.6 para Drupal, no maneja adecuadamente el objeto $user en memcache_admin, lo que puede "conducir a un cambio de rol no reconocido hasta que el usuario se conecta de nuevo." • http://drupal.org/node/926478 http://drupal.org/node/927016 http://secunia.com/advisories/41663 http://www.vupen.com/english/advisories/2010/2543 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2010-5275
https://notcve.org/view.php?id=CVE-2010-5275
Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en memcache_admin en el módulo Memcache v5.x antes de v5.x-1.10 y v6.x antes de v6.x-1.6 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/926478 http://drupal.org/node/927016 http://secunia.com/advisories/41663 http://www.vupen.com/english/advisories/2010/2543 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 0CVE-2010-5277
https://notcve.org/view.php?id=CVE-2010-5277
Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions and delete anonymous users (user 0) via unspecified vectors. Vulnerabilidad no especificada en el módulo Views Bulk Operations v6 antes de v6.x-1.10 para Drupal, permite a usuarios remotos autenticados con permisos de administración de usuario evitar restricciones de acceso y eliminar usuarios anónimos (usuarios 0) a través de vectores no especificados. • http://drupal.org/node/933596 http://drupal.org/node/933960 http://secunia.com/advisories/41696 http://www.securityfocus.com/bid/43813 https://exchange.xforce.ibmcloud.com/vulnerabilities/62316 •
CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0CVE-2012-1624
https://notcve.org/view.php?id=CVE-2012-1624
Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating or (2) editing page content. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en el módulo Lingotek v6.x-1.x anteriores a v6.x-1.40 para Drupal, permite a atacantes remotos inyectar secuencias de comandos Web o HTML cuando (1) crea o (2) edita el contenido de la página. • http://drupal.org/node/1394220 http://drupal.org/node/1394412 http://secunia.com/advisories/47453 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/78185 http://www.securityfocus.com/bid/51272 https://exchange.xforce.ibmcloud.com/vulnerabilities/72151 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •