CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2012-6572
https://notcve.org/view.php?id=CVE-2012-6572
Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess_node function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función phptemplate_preprocess_node en template.php en el tema Inf08 v6.x-1.x anterior a v6.x-1.10 para Drupal, permite a atacantes remotos con el permiso "administer taxonomy" inyectar secuencias de comandos web o HTML. • http://osvdb.org/85422 http://secunia.com/advisories/50557 http://www.madirish.net/550 https://drupal.org/node/1782286 https://drupal.org/node/1782686 https://exchange.xforce.ibmcloud.com/vulnerabilities/78575 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2013-1905
https://notcve.org/view.php?id=CVE-2013-1905
Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidades de secuencias de comandos entre sitios múltiples (XSS) en el tema Zero Point v7.x-1.x antes de 7.x-1.9 para Drupal que permite a atacantes remotos inyectar código web script o HTML a través de vectores sin especificar. • http://drupal.org/node/1954588 http://osvdb.org/91745 http://packetstormsecurity.com/files/120985/Drupal-Zero-Point-7.x-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2013/Mar/241 http://secunia.com/advisories/52775 http://www.securityfocus.com/bid/58758 https://drupal.org/node/1953840 https://exchange.xforce.ibmcloud.com/vulnerabilities/83137 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 14EXPL: 0CVE-2013-1887
https://notcve.org/view.php?id=CVE-2013-1887
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el modulo Views v7.x-3.x anterior a v7.x-3.6 para Drupal permite a usuarios autenticados remotamente con algunos permisos inyectar secuencias de comandos web o HTML a través de ciertos campos de la vista de configuración. • http://drupal.org/node/1948354 http://drupal.org/node/1948358 http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2013/Mar/193 http://secunia.com/advisories/51540 http://www.openwall.com/lists/oss-security/2013/03/22/8 http://www.openwall.com/lists/oss-security/2013/03/25/4 http://www.osvdb.org/91576 http://www.securit • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 0%CPEs: 17EXPL: 0CVE-2013-0181
https://notcve.org/view.php?id=CVE-2013-0181
Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Views en el API Search (search_api) módulo v7.x-1.x antes de v7.x-1.4 para Drupal, cuando se utilizan backends o ciertas facetas, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de la entrada no especificada,lo que se devuelve un mensaje de error. • http://drupalcode.org/project/search_api.git/commitdiff/35b5728 http://osvdb.org/89117 http://secunia.com/advisories/51806 http://www.openwall.com/lists/oss-security/2013/01/15/3 http://www.securityfocus.com/bid/57231 https://drupal.org/node/1884076 https://drupal.org/node/1884332 https://exchange.xforce.ibmcloud.com/vulnerabilities/81153 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0260
https://notcve.org/view.php?id=CVE-2013-0260
Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors. Vulnerabilidad no especificada en el módulo Drush Debian Packaging para Drupal que permite a usuarios locales obtener las credenciales de base de datos a través de vectores desconocidos. • http://drupal.org/node/1903324 http://www.openwall.com/lists/oss-security/2013/02/05/1 •