CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2012-1659
https://notcve.org/view.php?id=CVE-2012-1659
Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Node Recommendation v6.x-1.x antes de v6.x-1.1 para Drupal, permite a usuarios autenticados remotamente, con algunos permisos, inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1471906 http://drupal.org/node/1471940 http://drupalcode.org/project/noderecommendation.git/commit/55567d0 http://secunia.com/advisories/48330 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79853 http://www.securityfocus.com/bid/52343 https://exchange.xforce.ibmcloud.com/vulnerabilities/73778 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 45EXPL: 0CVE-2012-1660
https://notcve.org/view.php?id=CVE-2012-1660
Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en components/select.inc en el módulo Webform v6.x-3.x antes de v6.x-3.17 y v7.x-3.x antes de v7.x-3.17 para Drupal, cuando el módulo "Select (or other)" está habilitado, permite a usuarios autenticados remotamente con permisos de creación de contenidos webform, inyectar secuencias de comandos web o HTML a través de vectores relacionados con (1) casillas de verificación o (2) botones radio. • http://drupal.org/node/1472178 http://drupal.org/node/1472180 http://drupal.org/node/1472214 http://drupalcode.org/project/webform.git/commit/90af819 http://drupalcode.org/project/webform.git/commit/917fa91 http://secunia.com/advisories/48310 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79852 http://www.securityfocus.com/bid/52345 https://exchange.xforce.ibmcloud.com/vulnerabilities/73779 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2012-1656
https://notcve.org/view.php?id=CVE-2012-1656
SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field. Vulnerabilidad de inyección de comandos SQL en el módulo Multisite Search v6.x-2.2 para Drupal, permite a usuarios autenticados remotaente con algunos permisos, ejecutar comandos SQL a través del prefijo de campo de la tabla Site. • http://drupal.org/node/1471800 http://www.madirish.net/content/drupal-multisite-search-module-sql-injection-vulnerability http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79857 http://www.securityfocus.com/bid/52342 https://exchange.xforce.ibmcloud.com/vulnerabilities/73898 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2012-1655
https://notcve.org/view.php?id=CVE-2012-1655
Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment module 6.x-1.0 for Drupal allows remote authenticated users to obtain account credentials via unknown attack vectors. Vulnerabilidad no especificada en el módulo de pago UC PayDutchGroup / WeDeal v6.x-1.0 para Drupal, permite a usuarios autenticados remotamente obtener credenciales de cuentas a través de vectores de ataque desconocidos. • http://drupal.org/node/1471800 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79855 http://www.securityfocus.com/bid/52344 https://exchange.xforce.ibmcloud.com/vulnerabilities/73897 •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2012-1658
https://notcve.org/view.php?id=CVE-2012-1658
Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Read More Link v6.x-3.x antes de v6.x-3.1 para Drupal, permite a usuarios autenticados remotamente, con permiso de acceso a páginas de administración, inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1471080 http://drupal.org/node/1471822 http://secunia.com/advisories/48138 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79856 http://www.securityfocus.com/bid/52340 https://exchange.xforce.ibmcloud.com/vulnerabilities/73777 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •