1 results (0.028 seconds)

CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Node Recommendation v6.x-1.x antes de v6.x-1.1 para Drupal, permite a usuarios autenticados remotamente, con algunos permisos, inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1471906 http://drupal.org/node/1471940 http://drupalcode.org/project/noderecommendation.git/commit/55567d0 http://secunia.com/advisories/48330 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79853 http://www.securityfocus.com/bid/52343 https://exchange.xforce.ibmcloud.com/vulnerabilities/73778 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •