CVE-2012-6645
https://notcve.org/view.php?id=CVE-2012-6645
Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561. Vulnerabilidad de XSS en la funcionalidad de autocompletar en el módulo Finder 6.x-1.x anterior a 6.x-1.26, 7.x-1.x y 7.x-2.x anterior a 7.x-2.0-alpha8 para Drupal permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del título de un nodo, una vulnerabilidad diferente a CVE-2012-1561. • http://drupal.org/node/1432318 http://drupal.org/node/1432320 http://drupalcode.org/project/finder.git/commit/13e2d0c http://drupalcode.org/project/finder.git/commit/58443aa http://drupalcode.org/project/finder.git/commit/758fcf9 http://drupalcode.org/project/finder.git/commit/bc0cc82 http://secunia.com/advisories/47941 http://secunia.com/advisories/47943 http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities http://www.openwall.com/lists • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-1561
https://notcve.org/view.php?id=CVE-2012-1561
Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "checkbox and radio button functionalities." Vulnerabilidad de XSS en el módulo Finder 6.x-1.x anterior a 6.x-1.26, 7.x-1.x y 7.x-2.x anterior a 7.x-2.0-alpha8 para Drupal permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados relacionados con "funcionalidades de botón de casilla de verificación y radio." • http://drupal.org/node/1432318 http://drupal.org/node/1432320 http://drupalcode.org/project/finder.git/commit/13e2d0c http://drupalcode.org/project/finder.git/commit/58443aa http://secunia.com/advisories/47941 http://secunia.com/advisories/47943 http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities http://www.openwall.com/lists/oss-security/2012/03/16/9 http://www.openwall.com/lists/oss-security/2012/03/19/9 http://www.ope • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-1648
https://notcve.org/view.php?id=CVE-2012-1648
Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Cool Aid antes de v6.x-1.9 para Drupal permite a usuarios autenticados remotamente con el permiso de administrar coolaid, inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1417186 http://drupal.org/node/1461438 http://osvdb.org/79712 http://secunia.com/advisories/48196 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52232 https://exchange.xforce.ibmcloud.com/vulnerabilities/73607 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-1649
https://notcve.org/view.php?id=CVE-2012-1649
Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors. El módulo Coll Aid antes de v6.x-1.9 para Drupal no impone restricciones de acceso, lo que permite a usuarios remotos autenticados con el permiso de administrar coolaid, modificar las páginas de su elección a través de vectores no especificados. • http://drupal.org/node/1417186 http://drupal.org/node/1461438 http://secunia.com/advisories/48196 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79772 http://www.securityfocus.com/bid/52232 https://exchange.xforce.ibmcloud.com/vulnerabilities/73608 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-1641
https://notcve.org/view.php?id=CVE-2012-1641
The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import. La función finder_import en el módulo Finder v6.x-1.x anterior a v6.x-1.26, v7.x-1.x, y v7.x-2.x anterior a v7.x-2.0-alpha8 para Drupal permite a usuarios remotos autenticados con permisos de administración del finder ejecutar código PHP arbitrario a través de admin/build/finder/import. • http://drupal.org/node/1432318 http://drupal.org/node/1432320 http://drupalcode.org/project/finder.git/commit/bc0cc82 http://secunia.com/advisories/47915 http://secunia.com/advisories/47943 http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities http://www.openwall.com/lists/oss-security/2012/03/16/9 http://www.openwall.com/lists/oss-security/2012/03/19/9 http://www.openwall.com/lists/oss-security/2012/04/07/1 http:/ • CWE-264: Permissions, Privileges, and Access Controls •