CVSS: 6.1EPSS: 1%CPEs: 99EXPL: 0CVE-2015-6658 – Debian Security Advisory 3346-1
https://notcve.org/view.php?id=CVE-2015-6658
24 Aug 2015 — Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files. Vulnerabilidad de XSS en el sistema Autocomplete en Drupal 6.x en versiones anteriores a 6.37 y 7.x en versiones anteriores a 7.39, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, relacionado con la carga de archivos. Sev... • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 99EXPL: 0CVE-2015-6660 – Debian Security Advisory 3346-1
https://notcve.org/view.php?id=CVE-2015-6660
24 Aug 2015 — The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks." Vulnerabilidad en la API Form en Drupal 6.x en versiones anteriores a 6.37 y 7.x en versiones anteriores a 7.39, no valida correctamente el token form, lo cual permite a atacantes remotos realizar ataques CSRF que cargan archivos en diferentes cuentas de... • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 95EXPL: 0CVE-2015-6661 – Debian Security Advisory 3346-1
https://notcve.org/view.php?id=CVE-2015-6661
24 Aug 2015 — Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu. Vulnerabilidad en Drupal 6.x en versiones anteriores a 6.37 y 7.x en versiones anteriores a 7.39, permite a atacantes remotos obtener títulos sensibles de nodo leyendo el menú. Several vulnerabilities were discovered in Drupal, a content management framework. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 1%CPEs: 78EXPL: 0CVE-2015-6665 – Debian Security Advisory 3346-1
https://notcve.org/view.php?id=CVE-2015-6665
24 Aug 2015 — Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag. Vulnerabilidad de XSS en el manejador Ajax en Drupal 7.x en versiones anteriores a la 7.39 y el módulo Ctools 6.x-1.x en versiones anteriores a 6.x-1.14 para Drupal, permite a atacantes remotos inyectar secuencias de coman... • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165061.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 53EXPL: 0CVE-2015-3231 – Debian Security Advisory 3291-1
https://notcve.org/view.php?id=CVE-2015-3231
18 Jun 2015 — The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache. El sistema de caché Render en Drupal 7.x anterior a 7.38, cuando se utiliza para cachear contenido por roles de usuario, permite a usuarios remotos autenticados obtener contenido privado visualizado por el usuario 1 mediante la lectura del caché. Several vulnerabilities were found in drupal7, a content management platfo... • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 53EXPL: 0CVE-2015-3232 – Debian Security Advisory 3291-1
https://notcve.org/view.php?id=CVE-2015-3232
18 Jun 2015 — Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter. Vulnerabilidad de la redirección abierta en el módulo Field UI en Drupal 7.x anterior a 7.38 permite a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de una URL en el parámetro destinations. Several vulnerabilities were found in drupal7, a c... • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html •
CVSS: 6.1EPSS: 4%CPEs: 51EXPL: 0CVE-2015-3233 – Debian Security Advisory 3291-1
https://notcve.org/view.php?id=CVE-2015-3233
18 Jun 2015 — Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Vulnerabilidad de la redirección abierta en el módulo Overlay en Drupal 7.x anterior a 7.38 permite a atacantes remotos autenticados redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados. Several vulnerabilities were found in drupal7, a content managemen... • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html •
CVSS: 9.8EPSS: 0%CPEs: 98EXPL: 0CVE-2015-3234 – Debian Security Advisory 3291-1
https://notcve.org/view.php?id=CVE-2015-3234
18 Jun 2015 — The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers. El módulo OpenID en Drupal 6.x anterior a 6.36 y 7.x anterior a 7.38 permite a atacantes remotos iniciar sesión en las cuentas de otros usuarios mediante el aprovechamiento de una identidad OpenID de ciertos proveedores, tal y como fue demostrado por los pro... • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161261.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 2%CPEs: 8EXPL: 1CVE-2010-5312 – jquery-ui: XSS vulnerability in jQuery.ui.dialog title option
https://notcve.org/view.php?id=CVE-2010-5312
24 Nov 2014 — Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. Vulnerabilidad de XSS en jquery.ui.dialog.js en el widget Dialog en jQuery UI anterior a 1.10.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la opción del título. Two cross-site scripting flaws were found in jQuery, which impacted the Identity Management web admini... • http://bugs.jqueryui.com/ticket/6016 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-0205
https://notcve.org/view.php?id=CVE-2013-0205
19 Mar 2013 — Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el módulo RESTful Web Services (restws) v7.x-1.x anterior a v7.x-1.2 y v7.x-2.x anterior a v7.x-2.0-alpha4 para Drupal, permite a atacantes remotos secuestrar la autenticació... • http://www.openwall.com/lists/oss-security/2013/01/21/5 • CWE-352: Cross-Site Request Forgery (CSRF) •