CVSS: 3.5EPSS: 0%CPEs: 12EXPL: 0CVE-2012-1651
https://notcve.org/view.php?id=CVE-2012-1651
Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el módulo Submenu Tree antes de v6.x-1.5 para Drupal permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1132838 http://drupal.org/node/1461470 http://secunia.com/advisories/48202 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79696 http://www.securityfocus.com/bid/52226 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 13EXPL: 0CVE-2012-1652
https://notcve.org/view.php?id=CVE-2012-1652
Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text." Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Hierarchical Select v6.x-3.x anterior a v6.x-3.8 para Drupal, permite a usuarios autenticados remotamente con permisos de administración sobre la taxonomía, inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados relativos al "the vocabulary's help text". • http://drupal.org/node/1461318 http://drupal.org/node/1461724 http://drupalcode.org/project/hierarchical_select.git/commit/be32dceb17d25553e474c295a8c3db69eab95cee http://osvdb.org/79683 http://secunia.com/advisories/48235 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52228 https://exchange.xforce.ibmcloud.com/vulnerabilities/73611 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2012-1656
https://notcve.org/view.php?id=CVE-2012-1656
SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field. Vulnerabilidad de inyección de comandos SQL en el módulo Multisite Search v6.x-2.2 para Drupal, permite a usuarios autenticados remotaente con algunos permisos, ejecutar comandos SQL a través del prefijo de campo de la tabla Site. • http://drupal.org/node/1471800 http://www.madirish.net/content/drupal-multisite-search-module-sql-injection-vulnerability http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79857 http://www.securityfocus.com/bid/52342 https://exchange.xforce.ibmcloud.com/vulnerabilities/73898 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2012-1659
https://notcve.org/view.php?id=CVE-2012-1659
Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Node Recommendation v6.x-1.x antes de v6.x-1.1 para Drupal, permite a usuarios autenticados remotamente, con algunos permisos, inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1471906 http://drupal.org/node/1471940 http://drupalcode.org/project/noderecommendation.git/commit/55567d0 http://secunia.com/advisories/48330 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79853 http://www.securityfocus.com/bid/52343 https://exchange.xforce.ibmcloud.com/vulnerabilities/73778 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2012-1655
https://notcve.org/view.php?id=CVE-2012-1655
Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment module 6.x-1.0 for Drupal allows remote authenticated users to obtain account credentials via unknown attack vectors. Vulnerabilidad no especificada en el módulo de pago UC PayDutchGroup / WeDeal v6.x-1.0 para Drupal, permite a usuarios autenticados remotamente obtener credenciales de cuentas a través de vectores de ataque desconocidos. • http://drupal.org/node/1471800 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79855 http://www.securityfocus.com/bid/52344 https://exchange.xforce.ibmcloud.com/vulnerabilities/73897 •