
CVE-2013-5938
https://notcve.org/view.php?id=CVE-2013-5938
25 Sep 2013 — Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form. • http://osvdb.org/97204 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-2123
https://notcve.org/view.php?id=CVE-2013-2123
28 Aug 2013 — The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors. • http://www.openwall.com/lists/oss-security/2013/05/29/9 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-2197
https://notcve.org/view.php?id=CVE-2013-2197
28 Aug 2013 — The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a large number of failed login attempts. • http://www.openwall.com/lists/oss-security/2013/06/20/3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2013-2247
https://notcve.org/view.php?id=CVE-2013-2247
28 Aug 2013 — The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form. • http://www.openwall.com/lists/oss-security/2013/07/06/3 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-4274
https://notcve.org/view.php?id=CVE-2013-4274
28 Aug 2013 — Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer policies" permission to inject arbitrary web script or HTML via the "Password Expiration Warning" field to the admin/config/people/password_policy/add page. • http://www.madirish.net/557 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-6583
https://notcve.org/view.php?id=CVE-2012-6583
23 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name. • http://osvdb.org/85679 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-4230
https://notcve.org/view.php?id=CVE-2013-4230
21 Aug 2013 — The mm_webform submodule in the Monster Menus module 6.x-6.x before 6.x-6.61 and 7.x-1.x before 7.x-1.13 for Drupal does not properly restrict access to webform submissions, which allows remote authenticated users with the "Who can read data submitted to this webform" permission to delete arbitrary submissions via unspecified vectors. • http://secunia.com/advisories/54391 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2012-6582
https://notcve.org/view.php?id=CVE-2012-6582
20 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via a stopforumspam.com API response, which is logged by the watchdog. • http://osvdb.org/85680 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-5315
https://notcve.org/view.php?id=CVE-2013-5315
19 Aug 2013 — Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the atom title, a different vector than CVE-2013-4174. • http://drupalcode.org/project/scald.git/blobdiff/9ce68f67a25200afa5256f567ef89bc4b9fd705e..974a5e29f502a58e6a955d69a85bb5f16c1c8b3e:/mee/mee.module • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-0245 – Debian Security Advisory 2776-1
https://notcve.org/view.php?id=CVE-2013-0245
16 Jul 2013 — The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to nodes that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles and possibly node content via unspecified vectors. • http://osvdb.org/89305 • CWE-264: Permissions, Privileges, and Access Controls