Page 36 of 194 results (0.008 seconds)

CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 2

Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_body parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Protest v6.x-1.x anterior a v6.x-1.2 o v7.x 1.x, anterior a v7.x-1.2 para Drupal permite a usuarios remotos autenticados con la "administración de la protesta" permiso para inyectar secuencias de comandos web o HTML a través del parámetro protest_body • http://drupal.org/node/1618090 http://drupal.org/node/1618092 http://drupal.org/node/1619856 http://drupalcode.org/project/protest.git/commitdiff/c85eaed http://drupalcode.org/project/protest.git/commitdiff/cf8c543 http://secunia.com/advisories/49386 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82715 https://exchange.xforce.ibmcloud.com/vulnerabilities/76126 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0

Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. Vulnerabilidad de redirección en el módulo Janrain Capture v6.x-1.0 y 7.x-1.0 para Drupal, al sincronizar los datos del usuario, permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través de una URL en el parámetro destination • http://drupal.org/node/1632702 http://drupal.org/node/1632704 http://drupal.org/node/1632734 http://secunia.com/advisories/49480 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82958 http://www.securityfocus.com/bid/53992 https://exchange.xforce.ibmcloud.com/vulnerabilities/76292 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 1%CPEs: 9EXPL: 2

The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles. La interfaz de selección de nodos en el editor WYSIWYG (CKEditor) en Node Embed module v6.x-1.x anterior a v6.x-1.5 y v7.x-1.x, anterior a v7.x-1.0 para Drupal no comprueba correctamente los permisos y permite a atacantes remotos eludir restricciones de acceso y destinados a leer los títulos de los nodos. • http://drupal.org/node/1618428 http://drupal.org/node/1618430 http://drupal.org/node/1619824 http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c http://drupalcode.org/project/node_embed.git/commitdiff/d06f022 http://secunia.com/advisories/48348 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82735 http://www.securityfocus.com/bid/53835 https://exchange.xforce.ibmcloud.com/vulnerabilities/76148 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.6EPSS: 0%CPEs: 14EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors. Mútiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el módulo Search API v7.x-1.x anterior a v7.x-1.1 para Drupal, cuando el apoyo a la introducción manual de los identificadores de campo, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionado con las excepciones producidas y los errores de registro • http://drupal.org/node/1596524 http://drupal.org/node/1597364 http://drupalcode.org/project/search_api.git/commitdiff/5a18c8c http://secunia.com/advisories/49236 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82230 http://www.securityfocus.com/bid/53672 https://exchange.xforce.ibmcloud.com/vulnerabilities/75868 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.1EPSS: 0%CPEs: 8EXPL: 1

Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el módulo Maestro v7.x-1.x anteriores a v7.x-1.2 para Drupal, permite a atacantes remotos secuestrar la autenticación de los administradores para (1) cambiar los flujos de trabajo o (2) insertar secuencias de comandos en sitios cruzados. • http://drupal.org/node/1617952 http://drupal.org/node/1619830 http://drupalcode.org/project/maestro.git/commitdiff/c499971 http://secunia.com/advisories/49393 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82714 http://www.securityfocus.com/bid/53836 https://exchange.xforce.ibmcloud.com/vulnerabilities/76146 • CWE-352: Cross-Site Request Forgery (CSRF) •