CVE-2012-1654
https://notcve.org/view.php?id=CVE-2012-1654
Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title parameter in (1) data.views.inc and (2) data_ui/data_ui.admin.inc. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Data v6.x-1.x antes de v6.x-1.0 y v7.x-1.x antes de v7.x-1.0-alpha3 para Drupal, permite a usuarios autenticados remotamente con permisos de administración de tablas, inyectar secuencias de comandos web o HTML a través del parámetro title en (1) data.views.inc y (2) data_ui/data_ui.admin.inc. • http://drupal.org/node/1470980 http://drupal.org/node/1470982 http://drupal.org/node/1471780 http://drupalcode.org/project/data.git/commit/33f0caa http://drupalcode.org/project/data.git/commit/6f6858a http://secunia.com/advisories/48326 http://www.madirish.net/content/drupal-data-6x-10-xss-vulnerability http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79854 http://www.securityfocus.com/bid/52337 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-4119
https://notcve.org/view.php?id=CVE-2009-4119
Cross-site scripting (XSS) vulnerability in Feed Element Mapper module 5.x before 5.x-1.3, 6.x before 6.x-1.3, and 6.x-2.0-alpha before 6.x-2.0-alpha4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Feed Element Mapper v5.x anteriores a v5.x-1.3, v6.x anteriores a v6.x-1.3, y v6.x-2.0-alpha anteriores a v6.x-2.0-alpha4 de Drupal permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de vectores de ataque sin especificar. • http://drupal.org/node/636496 http://drupal.org/node/636498 http://drupal.org/node/636518 http://osvdb.org/60288 http://secunia.com/advisories/37439 http://www.securityfocus.com/bid/37060 https://exchange.xforce.ibmcloud.com/vulnerabilities/54338 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •