CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 1CVE-2012-2717
https://notcve.org/view.php?id=CVE-2012-2717
Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Mobile Tools v6.x-2.x antes de v6.x-2.3 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) el campo Mobile URL o (2) el campo Desktop URL a la página de configuración general, o (3) el mensaje a las opciones de bloqueo de mensajes de Mobile Tools. • http://drupal.org/node/1169008 http://drupal.org/node/1608828 http://drupalcode.org/project/mobile_tools.git/commitdiff/614b0fc http://osvdb.org/82410 http://secunia.com/advisories/49318 http://www.madirish.net/content/drupal-mobile-tools-6x-23-xss http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.securityfocus.com/bid/53734 https://exchange.xforce.ibmcloud.com/vulnerabilities/76002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2012-3802
https://notcve.org/view.php?id=CVE-2012-3802
Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors. Vulnerabilidad no especificada en el módulo Post Affiliate Pro (PAP) para Drupal, permite a usuarios autenticados remotamente leer las comisiones de otros usuarios a través de vectores de ataque desconocidos. • http://drupal.org/node/1585648 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.securityfocus.com/bid/53589 https://exchange.xforce.ibmcloud.com/vulnerabilities/75716 •
CVSS: 2.6EPSS: 0%CPEs: 20EXPL: 1CVE-2012-2731
https://notcve.org/view.php?id=CVE-2012-2731
The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage. Ubercart AJAX Cart v6.x-2.x anterior a v6.x-2.1 para Drupal almacena la id de la sesión en la tabla de configuración de páginas cargadas, lo que podría permitir a atacantes remotos obtener información sensible espiando o leyendo la caché del HTML de una página Web. • http://drupal.org/node/1619586 http://drupal.org/node/1633048 http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.securityfocus.com/bid/53999 https://exchange.xforce.ibmcloud.com/vulnerabilities/76332 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 1CVE-2012-2715
https://notcve.org/view.php?id=CVE-2012-2715
Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función themes_links en template.php en el módulo del tema Amadou v6.x-1.x anterior a v6.x-1.3 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con atributos class en una lista de enlaces. • http://drupal.org/node/1608730 http://drupal.org/node/1608780 http://drupalcode.org/project/amadou.git/commitdiff/071ea83 http://secunia.com/advisories/49328 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82433 http://www.securityfocus.com/bid/53732 https://exchange.xforce.ibmcloud.com/vulnerabilities/75997 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 0%CPEs: 6EXPL: 0CVE-2012-2710
https://notcve.org/view.php?id=CVE-2012-2710
Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Zen v6.x-1.x anterior a v6.x-1.1 para Drupal, cuando "Append the content title to the end of the breadcrumb" está habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del "content title" en breadcrumb. • http://drupal.org/node/1585960 http://drupal.org/node/628480 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.securityfocus.com/bid/53573 https://exchange.xforce.ibmcloud.com/vulnerabilities/75711 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •