Page 4 of 30 results (0.003 seconds)

CVSS: 3.5EPSS: 0%CPEs: 9EXPL: 0

Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el módulo Web Links 6.x-2.x en versiones anteriores a 6.x-2.6 y 7.x-1.x en versiones anteriores a 7.x-1.0 para Drupal, permite a usuarios remotos autenticados con ciertos permisos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2015/07/04/4 https://www.drupal.org/node/2487542 https://www.drupal.org/node/2487548 https://www.drupal.org/node/2492209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.6EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in the Current Search Links module 7.x-1.x before 7.x-1.1 for Drupal, when the "Append the keywords passed by the user to the list" option is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted search query. Vulnerabilidad de XSS en el módulo Current Search Links 7.x-1.x anterior a 7.x-1.1 para Drupal, cuando la opción 'Agregue las palabras clave conseguidas del usuario a la lista' está deshabilitada, permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una consulta de búsqueda manipulada. • http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/74357 https://www.drupal.org/node/2463493 https://www.drupal.org/node/2463843 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier. El plugin syndication-links versiones anteriores a 1.0.3 para WordPress, presenta una vulnerabilidad de tipo XSS por medio del identificador de anclaje del archivo genericons/example.html. The Syndication Links plugin for WordPress is vulnerable to DOM-based Cross-Site Scripting via the genericons/example.html anchor identifier in versions up to 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://wordpress.org/plugins/syndication-links/#developers https://wpvulndb.com/vulnerabilities/7981 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la extensión External links click statistics (outstats) 0.0.3 y anteriores para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyword Strategy Internal Links plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) sort, (2) search, or (3) dir parameter. Vulnerabilidad de XSS en inpage.tpl.php en el plugin Keyword Strategy Internal Links 2.0 y anteriores para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) sort, (2) search, o (3) dir. • http://codevigilant.com/disclosure/wp-plugin-keyword-strategy-internal-links-a3-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •