Page 39 of 402 results (0.012 seconds)

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 1

Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función themes_links en template.php en el módulo del tema Amadou v6.x-1.x anterior a v6.x-1.3 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con atributos class en una lista de enlaces. • http://drupal.org/node/1608730 http://drupal.org/node/1608780 http://drupalcode.org/project/amadou.git/commitdiff/071ea83 http://secunia.com/advisories/49328 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82433 http://www.securityfocus.com/bid/53732 https://exchange.xforce.ibmcloud.com/vulnerabilities/75997 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.6EPSS: 0%CPEs: 6EXPL: 0

Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Zen v6.x-1.x anterior a v6.x-1.1 para Drupal, cuando "Append the content title to the end of the breadcrumb" está habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del "content title" en breadcrumb. • http://drupal.org/node/1585960 http://drupal.org/node/628480 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.securityfocus.com/bid/53573 https://exchange.xforce.ibmcloud.com/vulnerabilities/75711 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.1EPSS: 0%CPEs: 8EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Taxonomy List v6.x-1.x anterior a v6.x-1.4 para Drupal, permite a usuarios remotos autenticados, con permisos para crear o editar términos de la taxonomía a inyectar secuencias de comandos web o HTML a través de vectores que implican información de la taxonomía. • http://drupal.org/node/1595396 http://drupal.org/node/1597262 http://drupalcode.org/project/taxonomy_list.git/commitdiff/7dd21a0 http://secunia.com/advisories/49238 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82164 http://www.securityfocus.com/bid/53671 https://exchange.xforce.ibmcloud.com/vulnerabilities/75867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.6EPSS: 0%CPEs: 18EXPL: 1

Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Advertisement v6.x-2.x anterior a v6.x-2.3 para Drupal, cuando el modo de depuración está habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con el "variable $ conf en settings.php ". • http://drupal.org/node/1585544 http://drupalcode.org/project/ad.git/commitdiff/4337f34 http://www.openwall.com/lists/oss-security/2012/06/14/3 https://drupal.org/node/1580376 https://exchange.xforce.ibmcloud.com/vulnerabilities/75718 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 2

Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_body parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Protest v6.x-1.x anterior a v6.x-1.2 o v7.x 1.x, anterior a v7.x-1.2 para Drupal permite a usuarios remotos autenticados con la "administración de la protesta" permiso para inyectar secuencias de comandos web o HTML a través del parámetro protest_body • http://drupal.org/node/1618090 http://drupal.org/node/1618092 http://drupal.org/node/1619856 http://drupalcode.org/project/protest.git/commitdiff/c85eaed http://drupalcode.org/project/protest.git/commitdiff/cf8c543 http://secunia.com/advisories/49386 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82715 https://exchange.xforce.ibmcloud.com/vulnerabilities/76126 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •