CVE-2012-4493
https://notcve.org/view.php?id=CVE-2012-4493
Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web script or HTML via unspecified vectors.
• http://drupal.org/node/1713378
• http://drupal.org/node/1719402
• http://www.openwall.com/lists/oss-security/2012/10/04/6
• http://www.openwall.com/lists/oss-security/2012/10/07/1
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-4497
https://notcve.org/view.php?id=CVE-2012-4497
Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in the Elegant Theme module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via a slide URL.
• http://drupal.org/node/1722880
• http://drupal.org/node/1733056
• http://drupalcode.org/project/elegant_theme.git/commitdiff/bdea7b1
• http://secunia.com/advisories/50273
• http://www.openwall.com/lists/oss-security/2012/10/04/6
• http://www.openwall.com/lists/oss-security/2012/10/07/1
• http://www.securityfocus.com/bid/55043
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-5704
https://notcve.org/view.php?id=CVE-2012-5704
The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service (infinite loop and time out) via a block that references itself.
• http://drupal.org/node/1732828
• http://drupal.org/node/1732946
• http://www.madirish.net/543
• http://www.openwall.com/lists/oss-security/2012/10/04/6
• http://www.openwall.com/lists/oss-security/2012/10/07/1
• CWE-399: Resource Management Errors
CVE-2012-5705
https://notcve.org/view.php?id=CVE-2012-5705
Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script or HTML via the "block names."
• http://drupal.org/node/1732828
• http://drupal.org/node/1732946
• http://www.madirish.net/543
• http://www.openwall.com/lists/oss-security/2012/10/04/6
• http://www.openwall.com/lists/oss-security/2012/10/07/1
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-4495
https://notcve.org/view.php?id=CVE-2012-4495
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments.
• http://drupal.org/node/1719446
• http://drupal.org/node/1719482
• http://drupalcode.org/project/mimemail.git/commitdiff/ae065d1
• http://www.openwall.com/lists/oss-security/2012/10/04/6
• http://www.openwall.com/lists/oss-security/2012/10/07/1
• http://www.securityfocus.com/bid/54914
• CWE-264: Permissions, Privileges, and Access Controls