CVSS: 5.3EPSS: 0%CPEs: 105EXPL: 0CVE-2016-6212
https://notcve.org/view.php?id=CVE-2016-6212
09 Sep 2016 — The Views module 7.x-3.x before 7.x-3.14 in Drupal 7.x and the Views module in Drupal 8.x before 8.1.3 might allow remote authenticated users to bypass intended access restrictions and obtain sensitive Statistics information via unspecified vectors. El módulo Views 7.x-3.x en versiones anteriores a 7.x-3.14 en Drupal 7.x y el módulo Views en Drupal 8.x en versiones anteriores a 8.1.3 podrían permitir a usuarios remotos autenticados eludir restricciones destinadas al acceso y obtener información de Statistic... • http://www.openwall.com/lists/oss-security/2016/07/13/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 63EXPL: 0CVE-2016-3162
https://notcve.org/view.php?id=CVE-2016-3162
12 Apr 2016 — The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files. El módulo File en Drupal 7.x en versiones anteriores a 7.43 y 8.x en versiones anteriores a 8.0.4 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso y leer, eliminar o sustituir un enlace a un arch... • http://www.debian.org/security/2016/dsa-3498 • CWE-284: Improper Access Control •
CVSS: 7.4EPSS: 0%CPEs: 143EXPL: 0CVE-2016-3164
https://notcve.org/view.php?id=CVE-2016-3164
12 Apr 2016 — Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might allow remote attackers to conduct open redirect attacks by leveraging (1) custom code or (2) a form shown on a 404 error page, related to path manipulation. Drupal 6.x en versiones anteriores a 6.38, 7.x en versiones anteriores a 7.43 y 8.x en versiones anteriores a 8.0.4 podría permitir a atacantes remotos llevar a cabo ataques de redirección abierta aprovechando (1) código personalizado o (2) un formulario mostrado en un página de error 4... • http://www.debian.org/security/2016/dsa-3498 •
CVSS: 5.3EPSS: 0%CPEs: 94EXPL: 0CVE-2016-3170
https://notcve.org/view.php?id=CVE-2016-3170
12 Apr 2016 — The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits using an email address to login and a module that permits logging in. Los enlaces de "has olvidado tu contraseña" en el módulo User en Drupal 7.x en versiones anteriores a 7.43 y 8.x en versiones anteriores a 8.0.4 permiten a atacantes remotos obtener información sensible de nombre de usuario ... • http://www.debian.org/security/2016/dsa-3498 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 2%CPEs: 8EXPL: 1CVE-2010-5312 – jquery-ui: XSS vulnerability in jQuery.ui.dialog title option
https://notcve.org/view.php?id=CVE-2010-5312
24 Nov 2014 — Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. Vulnerabilidad de XSS en jquery.ui.dialog.js en el widget Dialog en jQuery UI anterior a 1.10.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la opción del título. Two cross-site scripting flaws were found in jQuery, which impacted the Identity Management web admini... • http://bugs.jqueryui.com/ticket/6016 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-0205
https://notcve.org/view.php?id=CVE-2013-0205
19 Mar 2013 — Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el módulo RESTful Web Services (restws) v7.x-1.x anterior a v7.x-1.2 y v7.x-2.x anterior a v7.x-2.0-alpha4 para Drupal, permite a atacantes remotos secuestrar la autenticació... • http://www.openwall.com/lists/oss-security/2013/01/21/5 • CWE-352: Cross-Site Request Forgery (CSRF) •