2 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Currency Exchange anterior a v6.x-1.2 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados, relacionados con la vigilancia de registro (watchdog logging). • http://drupal.org/node/676214 http://drupal.org/node/676216 http://osvdb.org/61587 http://secunia.com/advisories/38121 http://www.securityfocus.com/bid/37649 http://www.vupen.com/english/advisories/2010/0063 https://exchange.xforce.ibmcloud.com/vulnerabilities/55453 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0

Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors. Vulnerabilidad no especificada en el módulo para drupal Userpoints v6.x anteriores a 6.x-1.1, permite a usuarios remotos autenticado, con permisos "View own userpoints", leer los datos de puntos de usuario de usuarios de su elección a través de vectores de ataque desconocidos. • http://drupal.org/node/610818 http://drupal.org/node/610828 http://osvdb.org/59124 http://secunia.com/advisories/37123 http://www.securityfocus.com/bid/36786 http://www.vupen.com/english/advisories/2009/2998 https://exchange.xforce.ibmcloud.com/vulnerabilities/53896 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •