CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4139
https://notcve.org/view.php?id=CVE-2013-4139
The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to cause a denial of service (file operations performance degradation and failure) via a large number of requests. El módulo Stage File Proxy v7.x-1.x anterior a v7.x-1.4 para Drupal, lo que permite a atacantes remotos provocar una denegación de servicio (degradación del rendimiento de las operaciones de ficheros y fallos) a través de un gran número de solicitudes. • http://www.openwall.com/lists/oss-security/2013/07/17/1 https://drupal.org/node/2038799 https://drupal.org/node/2038801 •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4138
https://notcve.org/view.php?id=CVE-2013-4138
Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en el tema Hatch v7.x-1.x anterior a v7.x-1.4 para Drupal lo que permite a usuarios remotos autenticados con los permisos "Administer content," "Create new article," o "Edit any article type content", inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2013/07/17/1 https://drupal.org/node/2038189 https://drupal.org/node/2038363 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2013-2247
https://notcve.org/view.php?id=CVE-2013-2247
The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form. El módulo Fast Permissions Administration v6.x-2.x anterior a v6.x-2.5 y v7.x-2.x anterior a v7.x-2.3 para Drupal no restringe adecuadamente el acceso a la función de llamada de modelo de contenidos lo que permite a atacantes remotos obtener acceso no especificado en el formulario de edición permisos. • http://www.openwall.com/lists/oss-security/2013/07/06/3 https://drupal.org/node/2028417 https://drupal.org/node/2028421 https://drupal.org/node/2028813 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 29EXPL: 0CVE-2013-2123
https://notcve.org/view.php?id=CVE-2013-2123
The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors. El módulo de acceso de referencia al usuario Node 6.x-3.x anteior a 6.x-3.5 y 7.x-3.x anteior a 7.x-3.10 para Drupal no restringe adecuadamente el acceso al contenido que contiene un campo de referencia al usuario cuando el autor actualiza o elimina permisos y la cuenta de dicho autor es eliminada, lo que permite a atacantes remotos modificar el contenido a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2013/05/29/9 https://drupal.org/node/2007072 https://drupal.org/node/2007078 https://drupal.org/node/2007122 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 11EXPL: 0CVE-2012-6583
https://notcve.org/view.php?id=CVE-2012-6583
Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name. Vulnerabilidad Cross-site scripting (XSS) en el modulo Imagemenu v6.x-1.x anterior a v6.x-1.4 para Drupal permite a los usuarios remotos autenticados con el permiso "administrar imagemenu" inyectar secuencias de comandos web o HTML a través de un nombre de archivo de imagen. • http://osvdb.org/85679 http://secunia.com/advisories/50683 http://www.securityfocus.com/bid/55610 https://drupal.org/node/1788726 https://drupal.org/node/1789260 https://exchange.xforce.ibmcloud.com/vulnerabilities/78697 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •