CVE-2012-0914
https://notcve.org/view.php?id=CVE-2012-0914
Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title.
• http://drupal.org/node/1409436
• http://drupal.org/node/1409446
• http://drupal.org/node/1409448
• http://drupalcode.org/project/panels.git/commit/2066d59
• http://drupalcode.org/project/panels.git/commit/d844942
• http://osvdb.org/78367
• http://secunia.com/advisories/47649
• http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability
• http://www.securityfocus.com/bid/51568
• https://exchange.xforce.ibmcloud.com/vulnerabilities/72549
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4560
https://notcve.org/view.php?id=CVE-2011-4560
Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition.
• http://drupal.org/node/1300238
• http://osvdb.org/76094
• http://secunia.com/advisories/46333
• http://www.securityfocus.com/bid/49982
• https://exchange.xforce.ibmcloud.com/vulnerabilities/70342
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-4813
https://notcve.org/view.php?id=CVE-2010-4813
Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, which are not properly handled in token help.
• http://drupal.org/node/968176
• http://osvdb.org/69145
• http://secunia.com/advisories/42168
• http://www.securityfocus.com/bid/44780
• https://exchange.xforce.ibmcloud.com/vulnerabilities/63203
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1663
https://notcve.org/view.php?id=CVE-2011-1663
SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
• http://drupal.org/node/1111174
• http://secunia.com/advisories/43950
• http://www.securityfocus.com/bid/47098
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66476
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-1661
https://notcve.org/view.php?id=CVE-2011-1661
The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature.
• http://drupal.org/files/issues/db_rewrite_sql_12.patch
• http://drupal.org/node/1080114
• http://drupal.org/node/1118408
• http://secunia.com/advisories/44046
• http://www.securityfocus.com/bid/47238
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66604
• CWE-264: Permissions, Privileges, and Access Controls