CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2012-4474
https://notcve.org/view.php?id=CVE-2012-4474
Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en el módulo Node Colorbox v7.x-2.x antes de v7.x-2.2 para Drupal permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de parámetros no especificados. • http://drupal.org/node/1679410 http://drupal.org/node/1679486 http://www.openwall.com/lists/oss-security/2012/10/04/3 http://www.securityfocus.com/bid/54406 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •