CVE-2012-1648
https://notcve.org/view.php?id=CVE-2012-1648
Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Cool Aid antes de v6.x-1.9 para Drupal permite a usuarios autenticados remotamente con el permiso de administrar coolaid, inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1417186 http://drupal.org/node/1461438 http://osvdb.org/79712 http://secunia.com/advisories/48196 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52232 https://exchange.xforce.ibmcloud.com/vulnerabilities/73607 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-1649
https://notcve.org/view.php?id=CVE-2012-1649
Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors. El módulo Coll Aid antes de v6.x-1.9 para Drupal no impone restricciones de acceso, lo que permite a usuarios remotos autenticados con el permiso de administrar coolaid, modificar las páginas de su elección a través de vectores no especificados. • http://drupal.org/node/1417186 http://drupal.org/node/1461438 http://secunia.com/advisories/48196 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/79772 http://www.securityfocus.com/bid/52232 https://exchange.xforce.ibmcloud.com/vulnerabilities/73608 • CWE-264: Permissions, Privileges, and Access Controls •