CVSS: 3.5EPSS: 0%CPEs: 8EXPL: 0CVE-2012-1653
https://notcve.org/view.php?id=CVE-2012-1653
Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to "views pages." Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el módulo Taxonomy Views Integrator (TVI) v6.x-1.x antes de v6.x-1.3 para Drupal permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de vectores no especificados. Se trata de un problema relacionado con las "páginas vistas". • http://drupal.org/node/1306946 http://drupal.org/node/1461892 http://osvdb.org/79682 http://secunia.com/advisories/48163 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52227 https://exchange.xforce.ibmcloud.com/vulnerabilities/73612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •