CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2012-2074
https://notcve.org/view.php?id=CVE-2012-2074
Unspecified vulnerability in certain default views in the Ubercart Views module 6.x before 6.x-3.2 for Drupal allows remote attackers to obtain sensitive information via unknown attack vectors. Una vulnerabilidad no especificada en ciertas vistas por defecto en el módulo Ubercart Views v6.x antes de v6.x-3.2 para Drupal permite a atacantes remotos obtener información sensible a través de vectores de ataque desconocidos. • http://drupal.org/node/1505210 http://drupal.org/node/1506428 http://osvdb.org/80677 http://secunia.com/advisories/48631 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52814 https://exchange.xforce.ibmcloud.com/vulnerabilities/74485 •
CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0CVE-2012-2071
https://notcve.org/view.php?id=CVE-2012-2071
Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el módulo "Contact Forms" v6.x-1.x antes de v6.x-1.13 para Drupal, cuando el formulario de contacto central está activado, permite inyectar secuencias de comandos web o HTML, a usuarios remotos autenticados con permisos de administración de formularios de contacto en todo el sitio web, a través de vectores no especificados. • http://drupal.org/node/1506330 http://drupal.org/node/1506404 http://osvdb.org/80674 http://secunia.com/advisories/48583 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52801 https://exchange.xforce.ibmcloud.com/vulnerabilities/74467 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-2154
https://notcve.org/view.php?id=CVE-2012-2154
Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el Módulo de vídeo CDN2 v6.x para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1506542 http://osvdb.org/80685 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 http://www.securityfocus.com/bid/52812 https://exchange.xforce.ibmcloud.com/vulnerabilities/74520 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 2CVE-2012-2298
https://notcve.org/view.php?id=CVE-2012-2298
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks." Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en el módulo realname v6.x-1.x antes de v6.x-1.5 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con (1) los nombres de usuario "en la página títulos" y (2) "las llamadas a autocompletar". • http://drupal.org/node/1547352 http://drupal.org/node/1547660 http://drupalcode.org/project/realname.git/commitdiff/41786d0 http://drupalcode.org/project/realname.git/commitdiff/b920794 http://secunia.com/advisories/48936 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 http://www.securityfocus.com/bid/53250 https://exchange.xforce.ibmcloud.com/vulnerabilities/75181 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 35EXPL: 2CVE-2012-2299
https://notcve.org/view.php?id=CVE-2012-2299
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database. El módulo Ubercart v6.x-2.x antes de v6.x-2.8 y v7.x-v3.x antes de v7.x-3.1 para Drupal almacena las contraseñas para los nuevos clientes en el texto plano durante el pago, lo que permite a usuarios locales obtener información sensible mediante la lectura de la base de datos. • http://drupal.org/node/1547506 http://drupal.org/node/1547508 http://drupal.org/node/1547674 http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84 http://secunia.com/advisories/48935 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 http://www.securityfocus.com/bid/53251 • CWE-255: Credentials Management Errors •