CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0CVE-2012-4500
https://notcve.org/view.php?id=CVE-2012-4500
The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact. El módulo Announcements v6.x-1.x antes de v6.x-1.5 para Drupal permite a usuarios autenticados remotamente con permisos "access announcements" evitar restricciones y posiblemente tener otro impacto no especificado. • http://drupal.org/node/1761038 http://drupal.org/node/1762480 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 http://www.securityfocus.com/bid/55283 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0CVE-2012-4496
https://notcve.org/view.php?id=CVE-2012-4496
Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Custom Publishing Options v6.x-1.x antes de v6.x-1.4 para Drupal, permite a usuarios autenticados remotamente con permisos "administer nodes" inyectar secuencias de comandos web o HTML a través del parámetro status labels • http://drupal.org/node/1730766 http://secunia.com/advisories/50256 http://www.madirish.net/538 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 http://www.securityfocus.com/bid/55037 https://drupal.org/node/1732980 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 1CVE-2012-4485
https://notcve.org/view.php?id=CVE-2012-4485
Multiple cross-site scripting (XSS) vulnerabilities in the galleryformatter_field_formatter_view functiuon in galleryformatter.tpl.php the Gallery formatter module before 7.x-1.2 for Drupal allow remote authenticated users with permissions to create a node or entity to inject arbitrary web script or HTML via the (1) title or (2) alt parameter. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función galleryformatter_field_formatter_view en galleryformatter.tpl.php en el módulo Gallery formatter antes de v7.x-1.2 para Drupal permite a usuarios autenticados remotamente con permisos para crear un nodo o entidad inyectar secuencias de comandos web o HTML a través del parámetro (1) title o (2) alt. • http://drupal.org/node/1699744 http://drupal.org/node/1700578 http://drupalcode.org/project/galleryformatter.git/commitdiff/b0392a1 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 http://www.securityfocus.com/bid/54674 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2012-4484
https://notcve.org/view.php?id=CVE-2012-4484
Cross-site scripting (XSS) vulnerability in the administrative interface in the Campaign Monitor module before 6.x-2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this refers to an issue in an independently developed Drupal module, and NOT an issue in the Campaign Monitor software itself (described on the campaignmonitor.com web site). Vulnerabilidad Cross-Site Scripting (XSS) en la interfaz administrativa en el módulo Campaign Monitor en versiones anteriores a la 6.x-2.5 para Drupal permite que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante vectores sin especificar. NOTA: esto se refiera a un problema en un módulo de Drupal desarrollado de manera independiente y NO en el software Campaign Monitor (descrito en el sitio web campaignmonitor.com). • http://drupal.org/node/1689790 http://drupal.org/node/1691446 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2012-4499
https://notcve.org/view.php?id=CVE-2012-4499
The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors. La página de formateador de contacto en el módulo Email Field v6.x-1.x antes de v6.x-1.2 y v7.x-1.x antes de v7.x-1.1 para Drupal permite a atacantes remotos para enviar la dirección almacenada en la entidad a través de vectores no especificados. • http://drupal.org/node/1761948 http://drupal.org/node/1761968 http://drupal.org/node/1762470 http://www.openwall.com/lists/oss-security/2012/10/04/6 http://www.openwall.com/lists/oss-security/2012/10/07/1 • CWE-264: Permissions, Privileges, and Access Controls •