CVSS: 6.1EPSS: 0%CPEs: 84EXPL: 1CVE-2012-6645
https://notcve.org/view.php?id=CVE-2012-6645
08 Apr 2014 — Cross-site scripting (XSS) vulnerability in the autocomplete functionality in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via the title of a node, a different vulnerability than CVE-2012-1561. Vulnerabilidad de XSS en la funcionalidad de autocompletar en el módulo Finder 6.x-1.x anterior a 6.x-1.26, 7.x-1.x y 7.x-2.x anterior a 7.x-2.0-alpha8 para Drupal permite a atacantes remotos inyectar sc... • http://drupal.org/node/1432318 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 84EXPL: 0CVE-2012-1561
https://notcve.org/view.php?id=CVE-2012-1561
08 Apr 2014 — Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "checkbox and radio button functionalities." Vulnerabilidad de XSS en el módulo Finder 6.x-1.x anterior a 6.x-1.26, 7.x-1.x y 7.x-2.x anterior a 7.x-2.0-alpha8 para Drupal permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especi... • http://drupal.org/node/1432318 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 10EXPL: 0CVE-2012-1648
https://notcve.org/view.php?id=CVE-2012-1648
09 Sep 2012 — Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Cool Aid antes de v6.x-1.9 para Drupal permite a usuarios autenticados remotamente con el permiso de administrar coolaid, inyectar secuencias de comandos web o HTML a través de vectores no espe... • http://drupal.org/node/1417186 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2012-1649
https://notcve.org/view.php?id=CVE-2012-1649
09 Sep 2012 — Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors. El módulo Coll Aid antes de v6.x-1.9 para Drupal no impone restricciones de acceso, lo que permite a usuarios remotos autenticados con el permiso de administrar coolaid, modificar las páginas de su elección a través de vectores no especificados. • http://drupal.org/node/1417186 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 84EXPL: 1CVE-2012-1641
https://notcve.org/view.php?id=CVE-2012-1641
28 Aug 2012 — The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import. La función finder_import en el módulo Finder v6.x-1.x anterior a v6.x-1.26, v7.x-1.x, y v7.x-2.x anterior a v7.x-2.0-alpha8 para Drupal permite a usuarios remotos autenticados con permisos de administración del finder ejecutar código PHP arbitrario a t... • http://drupal.org/node/1432318 • CWE-264: Permissions, Privileges, and Access Controls •