1 results (0.011 seconds)

CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0

Cross-site scripting (XSS) vulnerability in Feed Element Mapper module 5.x before 5.x-1.3, 6.x before 6.x-1.3, and 6.x-2.0-alpha before 6.x-2.0-alpha4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Feed Element Mapper v5.x anteriores a v5.x-1.3, v6.x anteriores a v6.x-1.3, y v6.x-2.0-alpha anteriores a v6.x-2.0-alpha4 de Drupal permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de vectores de ataque sin especificar. • http://drupal.org/node/636496 http://drupal.org/node/636498 http://drupal.org/node/636518 http://osvdb.org/60288 http://secunia.com/advisories/37439 http://www.securityfocus.com/bid/37060 https://exchange.xforce.ibmcloud.com/vulnerabilities/54338 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •