CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2012-2068
https://notcve.org/view.php?id=CVE-2012-2068
Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (1) node_title or (2) nodequeue_title parameter. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en fancy_slide.module en el módulo Fancy Slide antes de v6.x-2.7 para Drupal, permite a usuarios autenticados remotamente con permisos de administración fancy_slide inyectar secuencias de comandos web o HTML a través de los parámetros (1) node_title o (2) nodequeue_title. • http://drupal.org/node/1417688 http://drupal.org/node/1482744 http://drupalcode.org/project/fancy_slide.git/commit/cd2a424 http://secunia.com/advisories/48412 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/80069 http://www.securityfocus.com/bid/52513 https://exchange.xforce.ibmcloud.com/vulnerabilities/74070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-2116
https://notcve.org/view.php?id=CVE-2012-2116
Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart. Vulnerabilidad de fasificación de peticiones en sitios cruzados (CSRF) en el módulo Commerce Reorder anteriores a v7.x-1.1 para Drupal permite a atacantes remotos secuestrar la autenticación de los usuarios en peticiones que añaden artículos al carro de la compra. • http://drupal.org/node/1538198 http://drupalcode.org/project/commerce_reorder.git/commit/bf060ab http://secunia.com/advisories/48912 http://www.openwall.com/lists/oss-security/2012/04/18/11 http://www.openwall.com/lists/oss-security/2012/04/19/1 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2012-2083
https://notcve.org/view.php?id=CVE-2012-2083
Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la función fusion_core_preprocess_page de fusion_core/template.php en el módulo Fusion anteriores a v6.x-1.13 para Drupal permite a atacantes remotos inyectar código web o HTML de su elección a través del parámetro q. • http://drupal.org/node/1506600 http://drupal.org/node/1507510 http://drupalcode.org/project/fusion.git/commit/f7cee3d http://osvdb.org/80680 http://secunia.com/advisories/48606 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52798 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2012-2117
https://notcve.org/view.php?id=CVE-2012-2117
Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el módulo de optimización Gigya - Social v6.x angeriores a v6.x-3.2 para Drupal permite a atacantes remotos inyectar código web o HTML de su elección mediante vectores de ataque no especificados. • http://drupal.org/node/1515084 http://drupal.org/node/1538704 http://secunia.com/advisories/48832 http://www.openwall.com/lists/oss-security/2012/04/18/11 http://www.openwall.com/lists/oss-security/2012/04/19/1 https://exchange.xforce.ibmcloud.com/vulnerabilities/75025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 19EXPL: 1CVE-2012-2704
https://notcve.org/view.php?id=CVE-2012-2704
The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information that is specified by the $conf variable in settings.php. El módulo "Advertisement" v6.x-2.x antes de v6.x-2.3 para Drupal no restringe adecuadamente el acceso a depurar la información, lo que permite a atacantes remotos obtener información sensible de la configuración del sitio que se encuentra en la variable $conf en settings.php. • http://drupal.org/node/1585544 http://drupalcode.org/project/ad.git/commitdiff/c2ffab2 http://www.openwall.com/lists/oss-security/2012/06/14/3 https://drupal.org/node/1580376 https://exchange.xforce.ibmcloud.com/vulnerabilities/75719 • CWE-264: Permissions, Privileges, and Access Controls •