CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2012-2064
https://notcve.org/view.php?id=CVE-2012-2064
Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en theme/views_lang_switch.theme.inc en el módulo Views Language Switcher anterior a v7.x-1.2 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro q. • http://drupal.org/node/1482420 http://drupalcode.org/project/views_lang_switch.git/commit/c27c318 http://secunia.com/advisories/48355 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/80071 http://www.securityfocus.com/bid/52497 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2012-2063
https://notcve.org/view.php?id=CVE-2012-2063
The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified vectors. El módulo Slidebox en versiones anteriores a 7.x-1.4 para Drupal no comprueba adecuadamente los permisos, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://drupal.org/node/1482166 http://drupal.org/node/1482342 http://drupalcode.org/project/slidebox.git/commit/3dae144 http://secunia.com/advisories/48360 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52500 https://exchange.xforce.ibmcloud.com/vulnerabilities/74067 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 1%CPEs: 56EXPL: 0CVE-2012-2067
https://notcve.org/view.php?id=CVE-2012-2067
Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter to a text filter. NOTE: some of these details are obtained from third party information. Vulnerabilidad no especificada en el módulo CKEditor v6.x-2.x anterior a v6.x-2.3 y el módulo CKEditor v6.x-1.x anterior a v6.x-1.9 y v7.x-1.x anterior a v7.x-1.7 para Drupal, cuando el módulo de núcleo de PHP está activado, permite a usuarios remotos autenticados o atacantes remotos ejecutar código PHP arbitrario a través del parámetro de texto a un filtro de texto. NOTA: algunos de estos detalles han sido obtenidos a partir de información de terceros • http://drupal.org/node/1482442 http://drupal.org/node/1482466 http://drupal.org/node/1482480 http://drupal.org/node/1482528 http://secunia.com/advisories/48435 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/80080 https://exchange.xforce.ibmcloud.com/vulnerabilities/74037 •
CVSS: 3.5EPSS: 0%CPEs: 11EXPL: 0CVE-2012-2065
https://notcve.org/view.php?id=CVE-2012-2065
Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de código en sitios cruzados (XSS) en el módulo Language Icons v6.x-2.x anterior a v6.x-2.1 y v7.x-1.x anterior a v7.x-1.0 para Drupal permite a usuarios remotos autenticados administrar permisos de idiomas para inyectar secuencias de comandos web o HTML a través de vectores no especificados • http://drupal.org/node/1482136 http://drupal.org/node/1482144 http://drupal.org/node/1482428 http://drupalcode.org/project/languageicons.git/commit/be620bb http://drupalcode.org/project/languageicons.git/commit/e3f3f1f http://secunia.com/advisories/48405 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/80070 http://www.securityfocus.com/bid/52499 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 56EXPL: 0CVE-2012-2066
https://notcve.org/view.php?id=CVE-2012-2066
Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de código en sitios cruzados (XSS) en el módulo FCKeditor v6.x-2.x anterior a v6.x-2.3 y el módulo CKEditor v6.x-1.x anterior a v6.x-1.9 y v77.x-1.x anterior a v7.x-1.7 para Drupal permite a usuarios remotos autenticados o atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1482442 http://drupal.org/node/1482466 http://drupal.org/node/1482480 http://drupal.org/node/1482528 http://secunia.com/advisories/48435 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/80079 https://exchange.xforce.ibmcloud.com/vulnerabilities/74036 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •