CVE-2012-2711
https://notcve.org/view.php?id=CVE-2012-2711
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Taxonomy List v6.x-1.x anterior a v6.x-1.4 para Drupal, permite a usuarios remotos autenticados, con permisos para crear o editar términos de la taxonomía a inyectar secuencias de comandos web o HTML a través de vectores que implican información de la taxonomía. • http://drupal.org/node/1595396 http://drupal.org/node/1597262 http://drupalcode.org/project/taxonomy_list.git/commitdiff/7dd21a0 http://secunia.com/advisories/49238 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82164 http://www.securityfocus.com/bid/53671 https://exchange.xforce.ibmcloud.com/vulnerabilities/75867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-2703
https://notcve.org/view.php?id=CVE-2012-2703
Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Advertisement v6.x-2.x anterior a v6.x-2.3 para Drupal, cuando el modo de depuración está habilitado, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con el "variable $ conf en settings.php ". • http://drupal.org/node/1585544 http://drupalcode.org/project/ad.git/commitdiff/4337f34 http://www.openwall.com/lists/oss-security/2012/06/14/3 https://drupal.org/node/1580376 https://exchange.xforce.ibmcloud.com/vulnerabilities/75718 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-2726
https://notcve.org/view.php?id=CVE-2012-2726
Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_body parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Protest v6.x-1.x anterior a v6.x-1.2 o v7.x 1.x, anterior a v7.x-1.2 para Drupal permite a usuarios remotos autenticados con la "administración de la protesta" permiso para inyectar secuencias de comandos web o HTML a través del parámetro protest_body • http://drupal.org/node/1618090 http://drupal.org/node/1618092 http://drupal.org/node/1619856 http://drupalcode.org/project/protest.git/commitdiff/c85eaed http://drupalcode.org/project/protest.git/commitdiff/cf8c543 http://secunia.com/advisories/49386 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82715 https://exchange.xforce.ibmcloud.com/vulnerabilities/76126 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-2702
https://notcve.org/view.php?id=CVE-2012-2702
The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid. El módulo Ubercart Product Keys v6.x-1.x anterior a v6.x-1.1 para Drupal no comprueba correctamente el acceso a las claves, lo que permite a atacantes remotos leer todas las claves del producto no asignadas a través de ciertas condiciones relacionadas con el uid. • http://drupal.org/node/1580752 http://drupal.org/node/1585532 http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261 http://osvdb.org/82005 http://secunia.com/advisories/49169 http://www.openwall.com/lists/oss-security/2012/06/14/3 https://exchange.xforce.ibmcloud.com/vulnerabilities/75720 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-2706
https://notcve.org/view.php?id=CVE-2012-2706
Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration. Una vulnerabilidad de tipo cross-site scripting (XSS) en el módulo Post Affiliate Pro (PAP) para Drupal, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de vectores relacionados con el registro de usuarios. • http://drupal.org/node/1585648 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.securityfocus.com/bid/53589 https://exchange.xforce.ibmcloud.com/vulnerabilities/75716 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •