
CVSS: 4.3 • EPSS: 0% • CPEs: 10 • EXPL: 0

Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter.
• http://drupal.org/node/1506600 http://drupal.org/node/1507510 http://drupalcode.org/project/fusion.git/commit/f7cee3d http://osvdb.org/80680 http://secunia.com/advisories/48606 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52798
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 • EPSS: 0% • CPEs: 19 • EXPL: 1

The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information that is specified by the $conf variable in settings.php.
• http://drupal.org/node/1585544 http://drupalcode.org/project/ad.git/commitdiff/c2ffab2 http://www.openwall.com/lists/oss-security/2012/06/14/3 https://drupal.org/node/1580376 https://exchange.xforce.ibmcloud.com/vulnerabilities/75719
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 • EPSS: 0% • CPEs: 20 • EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web script or HTML via (1) $_SERVER['HTTP_HOST'] or (2) $_SERVER['SCRIPT_NAME'] to players/osmplayer/player/OSMPlayer.php, (3) playlist parameter to players/osmplayer/player/getplaylist.php, and possibly other vectors related to $_SESSION.
• http://drupalcode.org/project/mediafront.git/commitdiff/6300750 http://drupalcode.org/project/mediafront.git/commitdiff/b3857aa http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79684 http://www.securityfocus.com/bid/52229 https://drupal.org/node/1460892 https://drupal.org/node/1460894 https://drupal.org/node/1461424 https://exchange.xforce.ibmcloud.com/vulnerabilities/73606
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions.
• http://drupalcode.org/project/zipcart.git/commitdiff/fe143c2 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79766 http://www.securityfocus.com/bid/52231 https://drupal.org/node/1460892 https://drupal.org/node/1461446 https://exchange.xforce.ibmcloud.com/vulnerabilities/73609
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 2.1 • EPSS: 0% • CPEs: 5 • EXPL: 1

The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors.
• http://drupal.org/node/1441086 http://drupalcode.org/project/og_vocab.git/commitdiff/cd8de08 http://secunia.com/advisories/48020 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79336 https://drupal.org/node/1441450 https://exchange.xforce.ibmcloud.com/vulnerabilities/53902
• CWE-264: Permissions, Privileges, and Access Controls