CVSS: 6.0EPSS: 0%CPEs: 15EXPL: 0CVE-2012-1638
https://notcve.org/view.php?id=CVE-2012-1638
SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el módulo Search Autocomplete anterior a la v7.x-2.1 para Drupal, permite a usuarios remotos autenticados con los permisos para usar "search_autocomplete", ejecutar comandos SQL de su elección a través de vectores no especificados. • http://drupal.org/node/1410674 http://drupal.org/node/1416612 http://drupalcode.org/project/search_autocomplete.git/commit/589e8f6 http://secunia.com/advisories/47731 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/51667 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 2.1EPSS: 0%CPEs: 15EXPL: 0CVE-2012-1657
https://notcve.org/view.php?id=CVE-2012-1657
Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en block_class.module en el módulo Block Class antes de v7.x-1.1 para Drupal, permite a usuarios autenticados remotamente, con algunos permisos, inyectar secuencias de comandos web o HTML a través del nombre de clase. • http://drupal.org/node/1471090 http://drupal.org/node/1471808 http://drupalcode.org/project/block_class.git/commit/9a5205d http://secunia.com/advisories/48298 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79851 http://www.securityfocus.com/bid/52341 https://exchange.xforce.ibmcloud.com/vulnerabilities/73776 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 19EXPL: 0CVE-2012-1654
https://notcve.org/view.php?id=CVE-2012-1654
Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title parameter in (1) data.views.inc and (2) data_ui/data_ui.admin.inc. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Data v6.x-1.x antes de v6.x-1.0 y v7.x-1.x antes de v7.x-1.0-alpha3 para Drupal, permite a usuarios autenticados remotamente con permisos de administración de tablas, inyectar secuencias de comandos web o HTML a través del parámetro title en (1) data.views.inc y (2) data_ui/data_ui.admin.inc. • http://drupal.org/node/1470980 http://drupal.org/node/1470982 http://drupal.org/node/1471780 http://drupalcode.org/project/data.git/commit/33f0caa http://drupalcode.org/project/data.git/commit/6f6858a http://secunia.com/advisories/48326 http://www.madirish.net/content/drupal-data-6x-10-xss-vulnerability http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79854 http://www.securityfocus.com/bid/52337 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2012-2064
https://notcve.org/view.php?id=CVE-2012-2064
Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en theme/views_lang_switch.theme.inc en el módulo Views Language Switcher anterior a v7.x-1.2 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro q. • http://drupal.org/node/1482420 http://drupalcode.org/project/views_lang_switch.git/commit/c27c318 http://secunia.com/advisories/48355 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/80071 http://www.securityfocus.com/bid/52497 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2012-2063
https://notcve.org/view.php?id=CVE-2012-2063
The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified vectors. El módulo Slidebox en versiones anteriores a 7.x-1.4 para Drupal no comprueba adecuadamente los permisos, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://drupal.org/node/1482166 http://drupal.org/node/1482342 http://drupalcode.org/project/slidebox.git/commit/3dae144 http://secunia.com/advisories/48360 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52500 https://exchange.xforce.ibmcloud.com/vulnerabilities/74067 • CWE-264: Permissions, Privileges, and Access Controls •