CVSS: 6.1EPSS: 0%CPEs: 72EXPL: 0CVE-2013-0244 – Debian Security Advisory 2776-1
https://notcve.org/view.php?id=CVE-2013-0244
11 Oct 2013 — Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements. Cross-site scripting (XSS) en Drupal 6.x anterior a 6.28 y 7.x anterior a 7.19, cuando se ejecuta con versiones anteriores de jQuery que son vulnerables a CVE-2011-4969, que permite a ata... • http://osvdb.org/89306 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 35EXPL: 0CVE-2013-0246
https://notcve.org/view.php?id=CVE-2013-0246
16 Jul 2013 — The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors. El módulo Image en Drupal v7.x anterior a v7.19, cuando un sistema de ficheros privado es utilizado, no restringe adecuadamente el acceso a imágenes derivadas, lo que permite a atacantes remotos leer imágenes derivadas de imágenes restringidas a través de vectores... • http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 72EXPL: 0CVE-2013-0245 – Debian Security Advisory 2776-1
https://notcve.org/view.php?id=CVE-2013-0245
16 Jul 2013 — The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles and possibly node content via unspecified vectors. La versión amigable de la funcionalidad de impresión del módulo Book para Drupal no restringe adecuadamente el acceso al nodo del que es parte del esquema del módul... • http://osvdb.org/89305 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 36EXPL: 0CVE-2013-0316 – Mandriva Linux Security Advisory 2013-287-1
https://notcve.org/view.php?id=CVE-2013-0316
27 Mar 2013 — The Image module in Drupal 7.x before 7.20 allows remote attackers to cause a denial of service (CPU and disk space consumption) via a large number of new derivative requests. El módulo Image en Drupal v7.x antes v7.20 permite a atacantes remotos provocar una denegación de servicio (CPU y el consumo de espacio en disco) a través de un gran número de nuevas solicitudes derivantes . Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting... • http://drupal.org/SA-CORE-2013-002 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-0205
https://notcve.org/view.php?id=CVE-2013-0205
19 Mar 2013 — Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el módulo RESTful Web Services (restws) v7.x-1.x anterior a v7.x-1.2 y v7.x-2.x anterior a v7.x-2.0-alpha4 para Drupal, permite a atacantes remotos secuestrar la autenticació... • http://www.openwall.com/lists/oss-security/2013/01/21/5 • CWE-352: Cross-Site Request Forgery (CSRF) •