CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 1CVE-2012-5705
https://notcve.org/view.php?id=CVE-2012-5705
Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script or HTML via the "block names." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la página de ajustes (admin/settings/hotblocks) en el módulo Hotblocks v6.x-1.x antes de v6.x-1.8 para Drupal, permite a usuarios remotos autenticados con el permiso "administrar hotblocks" inyectar secuencias de comandos web o HTML a través de "nombres de bloque". • http://drupal.org/node/1732828 http://drupal.org/node/1732946 http://www.madirish.net/543 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 13EXPL: 0CVE-2012-4495
https://notcve.org/view.php?id=CVE-2012-4495
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments. El módulo Mime Mail v6.x-1.x antes de v6.x-1.1 para Drupal no restringe correctamente el acceso a archivos fuera de los directorios de archivos publicados de Drupal, lo que permite a usuarios autenticados remotamente enviar archivos arbitrarios como adjuntos. • http://drupal.org/node/1719446 http://drupal.org/node/1719482 http://drupalcode.org/project/mimemail.git/commitdiff/ae065d1 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 http://www.securityfocus.com/bid/54914 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0CVE-2012-4500
https://notcve.org/view.php?id=CVE-2012-4500
The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact. El módulo Announcements v6.x-1.x antes de v6.x-1.5 para Drupal permite a usuarios autenticados remotamente con permisos "access announcements" evitar restricciones y posiblemente tener otro impacto no especificado. • http://drupal.org/node/1761038 http://drupal.org/node/1762480 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 http://www.securityfocus.com/bid/55283 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0CVE-2012-4496
https://notcve.org/view.php?id=CVE-2012-4496
Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Custom Publishing Options v6.x-1.x antes de v6.x-1.4 para Drupal, permite a usuarios autenticados remotamente con permisos "administer nodes" inyectar secuencias de comandos web o HTML a través del parámetro status labels • http://drupal.org/node/1730766 http://secunia.com/advisories/50256 http://www.madirish.net/538 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 http://www.securityfocus.com/bid/55037 https://drupal.org/node/1732980 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 1CVE-2012-4485
https://notcve.org/view.php?id=CVE-2012-4485
Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view functiuon in galleryformatter.tpl.php the Gallery formatter module before 7.x-1.2 for Drupal allow remote authenticated users with permissions to create a node or entity to inject arbitrary web script or HTML via the (1) title or (2) alt parameter. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función galleryformatter_field_formatter_view en galleryformatter.tpl.php en el módulo Gallery formatter antes de v7.x-1.2 para Drupal permite a usuarios autenticados remotamente con permisos para crear un nodo o entidad inyectar secuencias de comandos web o HTML a través del parámetro (1) title o (2) alt. • http://drupal.org/node/1699744 http://drupal.org/node/1700578 http://drupalcode.org/project/galleryformatter.git/commitdiff/b0392a1 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 http://www.securityfocus.com/bid/54674 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •