CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2013-2122
https://notcve.org/view.php?id=CVE-2013-2122
The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors. El módulo Edit Limit v7.x-1.x anterior a v7.x-1.3 para Drupal no restringe adecuadamente el acceso a los comentarios, permitiendo a usuarios remotos autenticados con los permisos "edit comments" editar los comentarios arbitrarias de otros usuarios a través de vectores no especificados. • http://osvdb.org/93725 http://seclists.org/fulldisclosure/2013/May/208 http://secunia.com/advisories/53556 http://www.openwall.com/lists/oss-security/2013/05/29/9 http://www.securityfocus.com/bid/60209 https://drupal.org/node/2006188 https://drupal.org/node/2007048 https://exchange.xforce.ibmcloud.com/vulnerabilities/84630 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2013-2158
https://notcve.org/view.php?id=CVE-2013-2158
Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el modulo Services v6.x-3.x y v7.x-3.x anterior a v7.x-3.4 para Drupal permite a atacantes remotos secuestrar la autenticación de las víctimas a través de vectores no especificados desconocidos. • http://osvdb.org/93980 http://seclists.org/fulldisclosure/2013/Jun/23 http://secunia.com/advisories/53649 http://secunia.com/advisories/53661 http://www.securityfocus.com/bid/60356 https://drupal.org/node/2012366 https://drupal.org/node/2012982 https://exchange.xforce.ibmcloud.com/vulnerabilities/84791 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2012-6574
https://notcve.org/view.php?id=CVE-2012-6574
Cross-site scripting (XSS) vulnerability in the Fonecta verify module 7.x-1.x before 7.x-1.6 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en el módulo Fonecta verify 7.x-1.x anterior a 7.x-1.6 para Drupal, lo que permite a atacantes remotos desde diferentes orígenes inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados. • http://www.securityfocus.com/bid/55614 https://drupal.org/node/1778782 https://drupal.org/node/1789258 https://exchange.xforce.ibmcloud.com/vulnerabilities/78699 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2012-6575
https://notcve.org/view.php?id=CVE-2012-6575
Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en el módulo Exposed Filter Data 6.x-1.x anterior a 6.x-1.2 para Drupal, lo que permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados. • http://osvdb.org/85190 https://drupal.org/node/1774636 https://drupal.org/node/1775582 https://exchange.xforce.ibmcloud.com/vulnerabilities/78316 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2012-6576
https://notcve.org/view.php?id=CVE-2012-6576
Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad XSS en el módulo PRH Search 7.x-1.x anterior a 7.x-1.1 para Drupal, lo que permite a atacantes remotos desde diferentes orígenes inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados. • http://secunia.com/advisories/50672 https://drupal.org/node/1778778 https://drupal.org/node/1789252 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •