
CVSS: 4.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values.

• http://drupal.org/node/280571
• http://secunia.com/advisories/31079
• http://www.openwall.com/lists/oss-security/2008/07/10/3
• http://www.securityfocus.com/bid/30168
• https://bugzilla.redhat.com/show_bug.cgi?id=454849
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43704
• https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
• https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
• https://www.redhat.com/archives/fedora-package-announce&
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.

• http://drupal.org/node/269473
• http://secunia.com/advisories/30622
• http://www.securityfocus.com/bid/29675
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43006
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 • EPSS: 0% • CPEs: 7 • EXPL: 0

Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

• http://drupal.org/node/241939
• http://secunia.com/advisories/29658
• http://www.securityfocus.com/bid/28594
• http://www.vupen.com/english/advisories/2008/1082/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41603
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3) blog pages, related to a missing check for the "access content" permission; and (4) allows remote authenticated users, with administration page view access, to edit content types.

• http://drupal.org/node/244637
• http://secunia.com/advisories/29762
• http://www.osvdb.org/44270
• http://www.securityfocus.com/bid/28714
• http://www.vupen.com/english/advisories/2008/1185/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41755

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

• http://drupal.org/node/227608
• http://secunia.com/advisories/29118
• http://www.securityfocus.com/bid/28026
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')