CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4497
https://notcve.org/view.php?id=CVE-2012-4497
Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL. Vulnerabilidad de Cross-Site Scripting (XSS) en "3 slide gallery" en el módulo Elegant Theme en versiones 7.x-1.x anteriores a la 7.x-1.1 para Drupal permite que usuarios autenticados remotos con el permiso "administer themes" inyecten scripts web o HTML arbitrarios mediante una URL de slide. • http://drupal.org/node/1722880 http://drupal.org/node/1733056 http://drupalcode.org/project/elegant_theme.git/commitdiff/bdea7b1 http://secunia.com/advisories/50273 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 http://www.securityfocus.com/bid/55043 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 1CVE-2012-4485
https://notcve.org/view.php?id=CVE-2012-4485
Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view functiuon in galleryformatter.tpl.php the Gallery formatter module before 7.x-1.2 for Drupal allow remote authenticated users with permissions to create a node or entity to inject arbitrary web script or HTML via the (1) title or (2) alt parameter. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función galleryformatter_field_formatter_view en galleryformatter.tpl.php en el módulo Gallery formatter antes de v7.x-1.2 para Drupal permite a usuarios autenticados remotamente con permisos para crear un nodo o entidad inyectar secuencias de comandos web o HTML a través del parámetro (1) title o (2) alt. • http://drupal.org/node/1699744 http://drupal.org/node/1700578 http://drupalcode.org/project/galleryformatter.git/commitdiff/b0392a1 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 http://www.securityfocus.com/bid/54674 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2012-4499
https://notcve.org/view.php?id=CVE-2012-4499
The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors. La página de formateador de contacto en el módulo Email Field v6.x-1.x antes de v6.x-1.2 y v7.x-1.x antes de v7.x-1.1 para Drupal permite a atacantes remotos para enviar la dirección almacenada en la entidad a través de vectores no especificados. • http://drupal.org/node/1761948 http://drupal.org/node/1761968 http://drupal.org/node/1762470 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4494
https://notcve.org/view.php?id=CVE-2012-4494
The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in. El módulo de autenticación Shibboleth v7.x-4.0 para Drupal no comprueba correctamente la condición activa de los usuarios, lo que permite a usuarios remotos bloqueados eludir las restricciones de acceso y posiblemente tener otro impacto por el acceso. • http://drupal.org/node/1493244 http://drupal.org/node/1719392 http://drupalcode.org/project/shib_auth.git/commitdiff/2032f0a http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 1CVE-2012-4489
https://notcve.org/view.php?id=CVE-2012-4489
Open redirect vulnerability in the securelogin_secure_redirect function in the Secure Login module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter. Vulnerabilidad de redirección abierta en la función securelogin_secure_redirect en el módulo Secure Login v7.x-1.x antes de 7v.x-1.3 para Drupal permite a atacantes remotos redirigir a los usuarios a sitios web de su elección y llevar a cabo ataques de phishing a través de una URL en el parámetro q. • http://drupal.org/node/1700594 http://drupalcode.org/project/securelogin.git/commitdiff/88518df http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 http://www.securityfocus.com/bid/54675 https://drupal.org/node/1692976 https://drupal.org/node/1698988 • CWE-20: Improper Input Validation •