CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2012-6573
https://notcve.org/view.php?id=CVE-2012-6573
Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results. Múltiples vulnerabilidades de cross-site scripting (XSS) en el módulo Apache Solr Autocomplete v6.x-1.x antes de v6.x-1.4 y v7.x-1.x antes de v7.x-1.3 para Drupal que permite a atacantes remotos inyectar código arbitrario o HTML a través de vectores de autocompletado. • http://osvdb.org/85062 http://seclists.org/fulldisclosure/2013/Jun/212 http://secunia.com/advisories/50443 http://www.securityfocus.com/bid/55290 https://drupal.org/node/1762684 https://drupal.org/node/1762686 https://drupal.org/node/1762734 https://exchange.xforce.ibmcloud.com/vulnerabilities/78153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0CVE-2013-2177
https://notcve.org/view.php?id=CVE-2013-2177
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via an entity bundle label. Vulnerabilidad Cross-site scripting (XSS) en el modulo Display Suite v7.x-1.x anterior a v7.x-1.7 y v7.x-2.x anterior a v7.x-2.3 para Drupal permite a usuarios remotos autenticados con cierta permisos para inyectar secuencias de comandos web o HTML a través de una etiqueta del paquete entidad. • http://osvdb.org/94234 http://seclists.org/fulldisclosure/2013/Jun/94 https://drupal.org/node/2017639 https://drupal.org/node/2017641 https://drupal.org/node/2017933 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-1971
https://notcve.org/view.php?id=CVE-2013-1971
Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file. Múltiples vulnerabilidades de cross-site scripting (XSS) en el módulo MP3 Player para Drupal v6.x que permite a usuarios autenticados remotamente inyectar código script o HTML a través del nombre del fichero MP3. • http://www.securityfocus.com/bid/59276 https://drupal.org/node/1972804 https://exchange.xforce.ibmcloud.com/vulnerabilities/83649 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2013-2036
https://notcve.org/view.php?id=CVE-2013-2036
Cross-site scripting (XSS) vulnerability in the Filebrowser module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "lists of files." Vulnerabilidad XSS en el módulo Filebrowser 6.x-2.x anterior 6.x-1.1 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados relacionados con una lista de archivos. • http://secunia.com/advisories/53228 https://drupal.org/node/1983356 https://drupal.org/node/1984212 https://exchange.xforce.ibmcloud.com/vulnerabilities/83986 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2013-1972
https://notcve.org/view.php?id=CVE-2013-1972
Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors. Vulnerabilidad CSRF en el módulo para la gestión de archivos elFinder 6.x-0.x anterior a 6.x-0.8 y 7.x-0.x anterior a 7.x-0.8 para Drupal, permite a atacantes remotos secuestrar la auntenticación de víctimas no especificadas para crear, modificar o eliminar archivos a través de vectores desconocidos. • http://archives.neohapsis.com/archives/fulldisclosure/2013-04/0237.html http://osvdb.org/92533 https://drupal.org/node/1972082 https://drupal.org/node/1972084 https://drupal.org/node/1972942 https://exchange.xforce.ibmcloud.com/vulnerabilities/83651 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •