CVE-2013-0244
https://notcve.org/view.php?id=CVE-2013-0244
Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified JavaScript functions that are used to select DOM elements.
• http://osvdb.org/89306
• http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html
• http://seclists.org/fulldisclosure/2013/Jan/120
• http://seclists.org/oss-sec/2013/q1/211
• http://www.debian.org/security/2013/dsa-2776
• https://drupal.org/SA-CORE-2013-001
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-4379
https://notcve.org/view.php?id=CVE-2013-4379
The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL.
• http://secunia.com/advisories/54634
• http://www.openwall.com/lists/oss-security/2013/09/27/6
• https://drupal.org/node/2081637
• https://drupal.org/node/2081647
• CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-4384
https://notcve.org/view.php?id=CVE-2013-4384
Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API.
• http://osvdb.org/97503
• http://www.securityfocus.com/bid/62495
• https://drupal.org/node/2092395
• https://exchange.xforce.ibmcloud.com/vulnerabilities/87285
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-5965
https://notcve.org/view.php?id=CVE-2013-5965
The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing.
• http://archives.neohapsis.com/archives/bugtraq/2013-08/0184.html
• http://secunia.com/advisories/54550
• http://www.openwall.com/lists/oss-security/2013/09/11/9
• https://drupal.org/node/2031621
• https://drupal.org/node/2076315
• CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-5964
https://notcve.org/view.php?id=CVE-2013-5964
Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title.
• http://archives.neohapsis.com/archives/bugtraq/2013-08/0184.html
• http://osvdb.org/96750
• http://seclists.org/fulldisclosure/2013/Aug/287
• https://drupal.org/node/2075287
• https://drupal.org/node/2076221
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')