CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 1CVE-2012-1634
https://notcve.org/view.php?id=CVE-2012-1634
Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the EMBEDLOOKUP parameter for Blip.tv links. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en video_filter.codecs.inc en el módulo Video Filter v6.x-2.x y v7.x-2.x para Drupal, permite a atacantes remotos a inyectar secuencias de comandos Web o HTML a través del parámetro EMBEDLOOKUP sobre enlaces Blip.tv. • http://drupal.org/node/1401838 http://drupalcode.org/project/video_filter.git/commit/49680a6 http://drupalcode.org/project/video_filter.git/commit/c90c86e http://justin.madirish.net/content/drupal-video-filter-6x-28-xss-vulnerability http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/51381 https://exchange.xforce.ibmcloud.com/vulnerabilities/72359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0CVE-2012-1623
https://notcve.org/view.php?id=CVE-2012-1623
The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions. El módulo Registration Codes anterior a v6.x-2.4 para Drupal no restringe el acceso a la lista de códigos de registro, lo que podría permitir a atacantes remotos evitar las restricciones de acceso impuestas. • http://drupal.org/node/1394172 http://secunia.com/advisories/47443 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/78184 http://www.securityfocus.com/bid/51271 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0CVE-2011-5189
https://notcve.org/view.php?id=CVE-2011-5189
Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Webform Validation v6.x-1.x anterior a v6.x-1.5 y v7.x-1.x anterior a v7.x-1.1 para Drupal, permite a usuarios remotos autenticados con permisos para "actualizar nodos Webform" inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados. • http://drupal.org/node/1357354 http://drupal.org/node/1357356 http://drupal.org/node/1357360 http://secunia.com/advisories/47035 http://www.osvdb.org/77426 https://exchange.xforce.ibmcloud.com/vulnerabilities/71597 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 15EXPL: 0CVE-2011-5187
https://notcve.org/view.php?id=CVE-2011-5187
Cross-site scripting (XSS) vulnerability in the Support Ticketing System module 6.x-1.x before 6.x-1.7 for Drupal allows remote authenticated users with the "administer support projects" permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Support Ticketing System v6.x-1.x anteriores a v6.x-1.7 para Drupal, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1357300 http://drupal.org/node/1357378 http://secunia.com/advisories/47056 http://www.osvdb.org/77424 http://www.securityfocus.com/bid/50871 https://exchange.xforce.ibmcloud.com/vulnerabilities/71598 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0CVE-2011-5188
https://notcve.org/view.php?id=CVE-2011-5188
Cross-site scripting (XSS) vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el módulo Timer Support v6.x-1.x antes de v6.x-1.4 para Drupal permite inyectar secuencias de comandos web o HTML a usuarios remotos autenticados con el permiso "tiempo de pista finalizado" a través de vectores no especificados. • http://drupal.org/node/1357278 http://drupal.org/node/1357384 http://secunia.com/advisories/47030 http://www.osvdb.org/77423 https://exchange.xforce.ibmcloud.com/vulnerabilities/71596 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •