CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5937
https://notcve.org/view.php?id=CVE-2013-5937
Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete database information via vectors involving the Drupal Form API. Vulnerabilidad CSRF en el módulo Click2Sell Suite v6.x-1.x para Drupal permite a atacantes remotos secuestrar la autenticación de administradores para peticiones que eliminen información de la base de datos a través de vectores que involucran la API Drupal Form. • http://osvdb.org/97203 http://seclists.org/fulldisclosure/2013/Sep/64 http://www.openwall.com/lists/oss-security/2013/10/21/5 https://drupal.org/node/2087055 https://exchange.xforce.ibmcloud.com/vulnerabilities/87052 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5938
https://notcve.org/view.php?id=CVE-2013-5938
Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form. Vulnerabilidad XSS en el módulo Click2Sell Suite v6.x-1.x para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de un formulario de confirmación. • http://osvdb.org/97204 http://seclists.org/fulldisclosure/2013/Sep/64 http://www.openwall.com/lists/oss-security/2013/10/21/5 https://drupal.org/node/2087055 https://exchange.xforce.ibmcloud.com/vulnerabilities/87050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •