CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8746
https://notcve.org/view.php?id=CVE-2014-8746
Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings. Vulnerabilidad de XSS en el tema Skeleton 7.x-1.2 hasta 7.x-1.3 anterior a 7.x-1.4, para Drupal permite a usuarios remotos autenticados con el permiso 'administrar temas' inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con las configuraciones de temas. • http://secunia.com/advisories/57831 https://exchange.xforce.ibmcloud.com/vulnerabilities/92529 https://www.drupal.org/node/2236259 https://www.drupal.org/node/2236821 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8748
https://notcve.org/view.php?id=CVE-2014-8748
Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission to inject arbitrary web script or HTML via a slot name. Vulnerabilidad de XSS en el módulo Google Doubleclick for Publishers (DFP) 7.x-1.x anterior a 7.x-1.2 para Drupal permite a usuarios remotos autenticados con el permiso 'administrar dfp' inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de slot. • http://osvdb.org/102354 http://secunia.com/advisories/56521 https://drupal.org/node/2179085 https://www.drupal.org/node/2172167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 28EXPL: 0CVE-2014-8745
https://notcve.org/view.php?id=CVE-2014-8745
Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary label. Vulnerabilidad de XSS en el módulo Custom Search 6.x-1.x anterior a 6.x-1.13 y 7.x-1.x anterior a 7.x-1.15 para Drupal permite a usuarios remotos autenticados con el permiso 'administrar taxonomía' inyectar secuencias de comandos web o HTML arbitrarios a través de una etiqueta del vocabulario de la taxonomía. • http://drupal.org/node/2248077 http://secunia.com/advisories/58209 http://www.securityfocus.com/bid/67062 https://exchange.xforce.ibmcloud.com/vulnerabilities/92754 https://www.drupal.org/node/2247919 https://www.drupal.org/node/2247921 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-8744
https://notcve.org/view.php?id=CVE-2014-8744
Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title. Vulnerabilidad de XSS en el módulo Nivo Slider 7.x-2.x anterior a 7.x-1.11 para Drupal permite a usuarios remotos autenticados con el permiso 'administrar nivo slider' inyectar secuencias de comandos web o HTML arbitrarios a través de un título de imagen. • http://secunia.com/advisories/57459 http://www.securityfocus.com/bid/66327 https://exchange.xforce.ibmcloud.com/vulnerabilities/92009 https://www.drupal.org/node/2220545 https://www.drupal.org/node/2221481 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 9EXPL: 0CVE-2014-8743
https://notcve.org/view.php?id=CVE-2014-8743
Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) Role or (2) Organic Group name. Múltiples vulnerabilidades de XSS en el módulo Maestro 7.x-1.x anterior a 7.x-1.4 para Drupal permiten a usuarios remotos autenticados con ciertos permisos inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de (1) rol o (2) grupo orgánico. • http://secunia.com/advisories/56790 http://www.securityfocus.com/bid/65677 https://drupal.org/node/2200453 https://exchange.xforce.ibmcloud.com/vulnerabilities/91274 https://www.drupal.org/node/2013653 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •