CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 1CVE-2012-2715
https://notcve.org/view.php?id=CVE-2012-2715
Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función themes_links en template.php en el módulo del tema Amadou v6.x-1.x anterior a v6.x-1.3 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con atributos class en una lista de enlaces. • http://drupal.org/node/1608730 http://drupal.org/node/1608780 http://drupalcode.org/project/amadou.git/commitdiff/071ea83 http://secunia.com/advisories/49328 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82433 http://www.securityfocus.com/bid/53732 https://exchange.xforce.ibmcloud.com/vulnerabilities/75997 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2012-2730
https://notcve.org/view.php?id=CVE-2012-2730
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions. El módulo Protected Node v6.x-1.x anterior a v6.x-1.6 para Drupal no protege de forma adecuada el acceso al nodo protegido cuando se accede a los nodos desde una vista que no es la estándar, lo que permitiría a atacantes remotos a evitar las restricciones de acceso impuestas. • http://drupal.org/node/1258034 http://drupal.org/node/1632918 http://secunia.com/advisories/49509 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82984 http://www.securityfocus.com/bid/54001 https://exchange.xforce.ibmcloud.com/vulnerabilities/76291 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 1CVE-2012-3800
https://notcve.org/view.php?id=CVE-2012-3800
Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en og.js en el módulo Organic Groups (OG) v6.x-2.x anteriores a v6.x-2.4 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores relacionados con el título del grupo. • http://drupal.org/node/1619736 http://drupal.org/node/1619810 http://drupalcode.org/project/og.git/commitdiff/d48fef5 http://secunia.com/advisories/49397 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82712 http://www.securityfocus.com/bid/53838 https://exchange.xforce.ibmcloud.com/vulnerabilities/76149 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 3%CPEs: 9EXPL: 1CVE-2012-2707
https://notcve.org/view.php?id=CVE-2012-2707
The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes. El módulo Hostmaster (Aegir) v6.x-1.x anterior a v6.x-1.9 para Drupal no se cierra de forma adecuada cuando los usuarios no han accedido a nodos paquete/tarea (package/task), lo que permite a atacantes remotos evitar las restricciones de acceso impuesto y modificar nodos no autorizados. • http://community.aegirproject.org/1.9 http://drupal.org/node/1585658 http://drupal.org/node/1585678 http://drupalcode.org/project/hostmaster.git/commitdiff/8a61101 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.securityfocus.com/bid/53588 https://exchange.xforce.ibmcloud.com/vulnerabilities/75715 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.6EPSS: 0%CPEs: 18EXPL: 1CVE-2012-2703
https://notcve.org/view.php?id=CVE-2012-2703
Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Advertisement v6.x-2.x anterior a v6.x-2.3 para Drupal, cuando el modo de depuración está habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con el "variable $ conf en settings.php ". • http://drupal.org/node/1585544 http://drupalcode.org/project/ad.git/commitdiff/4337f34 http://www.openwall.com/lists/oss-security/2012/06/14/3 https://drupal.org/node/1580376 https://exchange.xforce.ibmcloud.com/vulnerabilities/75718 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •