CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-2308
https://notcve.org/view.php?id=CVE-2012-2308
Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Taxonomy Grid : Catalog para Drupal v6.x-1.6 y anteriores, permite a usuarios remotos autenticados con permisos específicos, inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1557872 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 http://www.securityfocus.com/bid/53345 https://exchange.xforce.ibmcloud.com/vulnerabilities/75345 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 1CVE-2012-2302
https://notcve.org/view.php?id=CVE-2012-2302
Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors. El módulo para Drupal Site Documentation (Sitedoc) no comprueba correctamente la ubicación de almacenamiento al comprimir, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://drupal.org/node/1546224 http://drupal.org/node/1547686 http://drupalcode.org/project/sitedoc.git/commitdiff/521721c http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 http://www.osvdb.org/81555 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 23EXPL: 0CVE-2012-2296
https://notcve.org/view.php?id=CVE-2012-2296
The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability. El módulo para Drupal The Janrain Engage (formerly RPX) v6.x-1.x. v6.x-2.x antes de v6.x-2.2 y v7.x 2.x antes v7.x-2.2 almacena los datos de perfil de usuario de Engage en las tablas de sesión, lo que podría permitir a atacantes remotos obtener información sensible mediante el aprovechamiento de una vulnerabilidad separada. • http://drupal.org/node/1515114 http://drupal.org/node/1515120 http://drupal.org/node/1515282 http://www.openwall.com/lists/oss-security/2012/04/10/12 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/74616 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2012-2307
https://notcve.org/view.php?id=CVE-2012-2307
Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en el módulo Addressbook para Drupal v6.x-4.2 y anteriores, permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores desconocidos. • http://drupal.org/node/1557868 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.5EPSS: 0%CPEs: 21EXPL: 0CVE-2012-2310
https://notcve.org/view.php?id=CVE-2012-2310
Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo cctags para Drupal v6.x-1.x antes de v6.x-1.10 y v7.x 1.x antes v7.x-1.10 permite a usuarios remotos autenticados con ciertos roles, inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1508098 http://drupal.org/node/1508100 http://drupal.org/node/1558248 http://secunia.com/advisories/49018 http://www.openwall.com/lists/oss-security/2012/05/03/1 http://www.openwall.com/lists/oss-security/2012/05/03/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •