CVSS: 6.8EPSS: 1%CPEs: 56EXPL: 0CVE-2012-2067
https://notcve.org/view.php?id=CVE-2012-2067
Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter to a text filter. NOTE: some of these details are obtained from third party information. Vulnerabilidad no especificada en el módulo CKEditor v6.x-2.x anterior a v6.x-2.3 y el módulo CKEditor v6.x-1.x anterior a v6.x-1.9 y v7.x-1.x anterior a v7.x-1.7 para Drupal, cuando el módulo de núcleo de PHP está activado, permite a usuarios remotos autenticados o atacantes remotos ejecutar código PHP arbitrario a través del parámetro de texto a un filtro de texto. NOTA: algunos de estos detalles han sido obtenidos a partir de información de terceros • http://drupal.org/node/1482442 http://drupal.org/node/1482466 http://drupal.org/node/1482480 http://drupal.org/node/1482528 http://secunia.com/advisories/48435 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/80080 https://exchange.xforce.ibmcloud.com/vulnerabilities/74037 •
CVSS: 3.5EPSS: 0%CPEs: 11EXPL: 0CVE-2012-2065
https://notcve.org/view.php?id=CVE-2012-2065
Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de código en sitios cruzados (XSS) en el módulo Language Icons v6.x-2.x anterior a v6.x-2.1 y v7.x-1.x anterior a v7.x-1.0 para Drupal permite a usuarios remotos autenticados administrar permisos de idiomas para inyectar secuencias de comandos web o HTML a través de vectores no especificados • http://drupal.org/node/1482136 http://drupal.org/node/1482144 http://drupal.org/node/1482428 http://drupalcode.org/project/languageicons.git/commit/be620bb http://drupalcode.org/project/languageicons.git/commit/e3f3f1f http://secunia.com/advisories/48405 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/80070 http://www.securityfocus.com/bid/52499 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 56EXPL: 0CVE-2012-2066
https://notcve.org/view.php?id=CVE-2012-2066
Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de código en sitios cruzados (XSS) en el módulo FCKeditor v6.x-2.x anterior a v6.x-2.3 y el módulo CKEditor v6.x-1.x anterior a v6.x-1.9 y v77.x-1.x anterior a v7.x-1.7 para Drupal permite a usuarios remotos autenticados o atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1482442 http://drupal.org/node/1482466 http://drupal.org/node/1482480 http://drupal.org/node/1482528 http://secunia.com/advisories/48435 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/80079 https://exchange.xforce.ibmcloud.com/vulnerabilities/74036 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2012-2068
https://notcve.org/view.php?id=CVE-2012-2068
Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (1) node_title or (2) nodequeue_title parameter. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en fancy_slide.module en el módulo Fancy Slide antes de v6.x-2.7 para Drupal, permite a usuarios autenticados remotamente con permisos de administración fancy_slide inyectar secuencias de comandos web o HTML a través de los parámetros (1) node_title o (2) nodequeue_title. • http://drupal.org/node/1417688 http://drupal.org/node/1482744 http://drupalcode.org/project/fancy_slide.git/commit/cd2a424 http://secunia.com/advisories/48412 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/80069 http://www.securityfocus.com/bid/52513 https://exchange.xforce.ibmcloud.com/vulnerabilities/74070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2012-2083
https://notcve.org/view.php?id=CVE-2012-2083
Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la función fusion_core_preprocess_page de fusion_core/template.php en el módulo Fusion anteriores a v6.x-1.13 para Drupal permite a atacantes remotos inyectar código web o HTML de su elección a través del parámetro q. • http://drupal.org/node/1506600 http://drupal.org/node/1507510 http://drupalcode.org/project/fusion.git/commit/f7cee3d http://osvdb.org/80680 http://secunia.com/advisories/48606 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52798 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •