CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0CVE-2012-1632
https://notcve.org/view.php?id=CVE-2012-1632
Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en password_policy.admin.inc en el módulo Password Policy anteriores a v6.x-1.4 y v7.x-1.0 beta3 para Drupal, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través del parámetro name. • http://drupal.org/node/1401678 http://drupalcode.org/project/password_policy.git/commit/3c688c3b4a3ed96fdc4b89883595633338c7ebb6 http://secunia.com/advisories/47541 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/51385 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.0EPSS: 0%CPEs: 15EXPL: 0CVE-2012-1638
https://notcve.org/view.php?id=CVE-2012-1638
SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el módulo Search Autocomplete anterior a la v7.x-2.1 para Drupal, permite a usuarios remotos autenticados con los permisos para usar "search_autocomplete", ejecutar comandos SQL de su elección a través de vectores no especificados. • http://drupal.org/node/1410674 http://drupal.org/node/1416612 http://drupalcode.org/project/search_autocomplete.git/commit/589e8f6 http://secunia.com/advisories/47731 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/51667 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 3.5EPSS: 0%CPEs: 12EXPL: 0CVE-2012-1651
https://notcve.org/view.php?id=CVE-2012-1651
Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el módulo Submenu Tree antes de v6.x-1.5 para Drupal permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1132838 http://drupal.org/node/1461470 http://secunia.com/advisories/48202 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79696 http://www.securityfocus.com/bid/52226 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 15EXPL: 0CVE-2012-1657
https://notcve.org/view.php?id=CVE-2012-1657
Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en block_class.module en el módulo Block Class antes de v7.x-1.1 para Drupal, permite a usuarios autenticados remotamente, con algunos permisos, inyectar secuencias de comandos web o HTML a través del nombre de clase. • http://drupal.org/node/1471090 http://drupal.org/node/1471808 http://drupalcode.org/project/block_class.git/commit/9a5205d http://secunia.com/advisories/48298 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79851 http://www.securityfocus.com/bid/52341 https://exchange.xforce.ibmcloud.com/vulnerabilities/73776 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2012-2063
https://notcve.org/view.php?id=CVE-2012-2063
The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified vectors. El módulo Slidebox en versiones anteriores a 7.x-1.4 para Drupal no comprueba adecuadamente los permisos, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://drupal.org/node/1482166 http://drupal.org/node/1482342 http://drupalcode.org/project/slidebox.git/commit/3dae144 http://secunia.com/advisories/48360 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52500 https://exchange.xforce.ibmcloud.com/vulnerabilities/74067 • CWE-264: Permissions, Privileges, and Access Controls •