CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2012-2729
https://notcve.org/view.php?id=CVE-2012-2729
Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleMeta module 6.x-1.x before 6.x-2.0 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) delete or (2) add a meta tag entry. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF)en el módulo SimpleMeta v6.x-1.x anteriores a v6.x-2.0 para Drupal, permite a atacantes remotos secuestrar la autenticación de los administradores para peticiones de (1) borrado o (2) añadir una entrada "meta tag". • http://drupal.org/node/1534874 http://drupal.org/node/1632908 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.securityfocus.com/bid/53997 https://exchange.xforce.ibmcloud.com/vulnerabilities/76344 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 2.6EPSS: 0%CPEs: 6EXPL: 0CVE-2012-2710
https://notcve.org/view.php?id=CVE-2012-2710
Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Zen v6.x-1.x anterior a v6.x-1.1 para Drupal, cuando "Append the content title to the end of the breadcrumb" está habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del "content title" en breadcrumb. • http://drupal.org/node/1585960 http://drupal.org/node/628480 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.securityfocus.com/bid/53573 https://exchange.xforce.ibmcloud.com/vulnerabilities/75711 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 8EXPL: 1CVE-2012-2711
https://notcve.org/view.php?id=CVE-2012-2711
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Taxonomy List v6.x-1.x anterior a v6.x-1.4 para Drupal, permite a usuarios remotos autenticados, con permisos para crear o editar términos de la taxonomía a inyectar secuencias de comandos web o HTML a través de vectores que implican información de la taxonomía. • http://drupal.org/node/1595396 http://drupal.org/node/1597262 http://drupalcode.org/project/taxonomy_list.git/commitdiff/7dd21a0 http://secunia.com/advisories/49238 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82164 http://www.securityfocus.com/bid/53671 https://exchange.xforce.ibmcloud.com/vulnerabilities/75867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 2CVE-2012-2726
https://notcve.org/view.php?id=CVE-2012-2726
Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_body parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Protest v6.x-1.x anterior a v6.x-1.2 o v7.x 1.x, anterior a v7.x-1.2 para Drupal permite a usuarios remotos autenticados con la "administración de la protesta" permiso para inyectar secuencias de comandos web o HTML a través del parámetro protest_body • http://drupal.org/node/1618090 http://drupal.org/node/1618092 http://drupal.org/node/1619856 http://drupalcode.org/project/protest.git/commitdiff/c85eaed http://drupalcode.org/project/protest.git/commitdiff/cf8c543 http://secunia.com/advisories/49386 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82715 https://exchange.xforce.ibmcloud.com/vulnerabilities/76126 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 0%CPEs: 20EXPL: 1CVE-2012-2731
https://notcve.org/view.php?id=CVE-2012-2731
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage. Ubercart AJAX Cart v6.x-2.x anterior a v6.x-2.1 para Drupal almacena la id de la sesión en la tabla de configuración de páginas cargadas, lo que podría permitir a atacantes remotos obtener información sensible espiando o leyendo la caché del HTML de una página Web. • http://drupal.org/node/1619586 http://drupal.org/node/1633048 http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.securityfocus.com/bid/53999 https://exchange.xforce.ibmcloud.com/vulnerabilities/76332 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •