CVE-2012-2300
https://notcve.org/view.php?id=CVE-2012-2300
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors.
References:
http://drupal.org/node/1547506
http://drupal.org/node/1547508
http://drupal.org/node/1547674
http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8
http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658
http://secunia.com/advisories/48935
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://www.securityfocus.com/bid/53251
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2298
https://notcve.org/view.php?id=CVE-2012-2298
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks."
References:
http://drupal.org/node/1547352
http://drupal.org/node/1547660
http://drupalcode.org/project/realname.git/commitdiff/41786d0
http://drupalcode.org/project/realname.git/commitdiff/b920794
http://secunia.com/advisories/48936
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://www.securityfocus.com/bid/53250
https://exchange.xforce.ibmcloud.com/vulnerabilities/75181
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2012-2299
https://notcve.org/view.php?id=CVE-2012-2299
The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database.
References:
http://drupal.org/node/1547506
http://drupal.org/node/1547508
http://drupal.org/node/1547674
http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb
http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84
http://secunia.com/advisories/48935
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://www.securityfocus.com/bid/53251
CWE-255: Credentials Management Errors

CVE-2012-2304
https://notcve.org/view.php?id=CVE-2012-2304
The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors.
References:
http://drupal.org/node/1547716
http://drupal.org/node/1547738
http://secunia.com/advisories/48900
http://www.openwall.com/lists/oss-security/2012/05/03/1
http://www.openwall.com/lists/oss-security/2012/05/03/2
http://www.osvdb.org/81557
http://www.securityfocus.com/bid/53253
https://exchange.xforce.ibmcloud.com/vulnerabilities/75183
CWE-264: Permissions, Privileges, and Access Controls

CVE-2012-2096
https://notcve.org/view.php?id=CVE-2012-2096
The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter.
References:
http://drupal.org/node/1528600
http://drupal.org/node/1528614
http://drupalcode.org/project/fivestar.git/commitdiff/75dba2c
http://secunia.com/advisories/48788
http://www.openwall.com/lists/oss-security/2012/04/11/4
http://www.openwall.com/lists/oss-security/2012/04/12/2
http://www.securityfocus.com/bid/52984
CWE-20: Improper Input Validation