CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-0257
https://notcve.org/view.php?id=CVE-2013-0257
The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields. El módulo email2image v6.x-1.x y v6.x-2.x para Drupal no restringe debidamente el acceso a los nodos, lo que permite a atacantes remotos leer las imágenes de las direcciones de correo electrónico del usuario y los campos de correo electrónico. • http://drupal.org/node/1903264 http://www.openwall.com/lists/oss-security/2013/02/05/1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0CVE-2013-0182
https://notcve.org/view.php?id=CVE-2013-0182
The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to payments, which allows remote attackers to read arbitrary payments. El módulo de venta v7.x-1.x antes v7.x-1.3 para Drupal no restringe debidamente en el acceso a los pagos, lo que permite a atacantes remotos leer pagos arbitrarios. • http://drupal.org/node/1871508 http://drupal.org/node/1883830 http://drupalcode.org/project/payment.git/commitdiff/62c9186 http://www.openwall.com/lists/oss-security/2013/01/15/3 https://drupal.org/node/1884360 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0324
https://notcve.org/view.php?id=CVE-2013-0324
Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title. Ejecución de comandos en sitios cruzados (XSS) en el formateador de enlaces en el módulo Referencia de menú en v7.x-1.x antes v7.x-1.0 para Drupal que permite a usuarios remotos autenticados con el permiso "Administer menus and menu items" inyectar web script o HTML arbitrario a través del título del enlace del menú. • http://drupal.org/node/1922434 http://drupal.org/node/1922446 http://drupalcode.org/project/menu_reference.git/commitdiff/7e7367d http://www.openwall.com/lists/oss-security/2013/02/21/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0CVE-2013-1782
https://notcve.org/view.php?id=CVE-2013-1782
Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el tema Responsive Blog v7.x-1.x anterior a v7.x-1.6 para Drupal permite a usuarios remotos autenticados con permisos para administrar temas inyectar secuencias de comandos web o HTML a través de vectores relacionados con los iconos sociales. • http://drupal.org/node/1929396 http://drupal.org/node/1929488 http://drupalcode.org/project/responsive_blog.git/commitdiff/ce47de9 http://osvdb.org/90688 http://secunia.com/advisories/52423 http://www.openwall.com/lists/oss-security/2013/02/28/3 http://www.securityfocus.com/bid/58218 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 17EXPL: 0CVE-2013-2715
https://notcve.org/view.php?id=CVE-2013-2715
Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el modulo Search API (search_api) v7.x-1.x anterior a v7.x-1.4 para Drupal permite a usuarios remotos autenticados con cierta permisos para inyectar secuencias de comandos web o HTML a través de la modificación del campo "name". • http://drupalcode.org/project/search_api.git/commitdiff/d22cf53 http://osvdb.org/89116 http://secunia.com/advisories/51806 http://www.openwall.com/lists/oss-security/2013/01/15/3 https://drupal.org/node/1884076 https://drupal.org/node/1884332 https://exchange.xforce.ibmcloud.com/vulnerabilities/81154 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •