CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4392
https://notcve.org/view.php?id=CVE-2015-4392
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-2.7 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to field display settings. Vulnerabilidad de XSS en el módulo Display Suite 7.x-2.7 para Drupal permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados relacionados con las configuraciones de despliegue de campos. • http://www.openwall.com/lists/oss-security/2015/04/25/6 http://www.securityfocus.com/bid/74362 https://www.drupal.org/node/2471721 https://www.drupal.org/node/2471733 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2013-0323
https://notcve.org/view.php?id=CVE-2013-0323
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the author field. Ejecución de secuencias de comandos en sitios cruzados(XSS) en el módulo Display Suite de v7.x-1.x antes v7.x-1.7 y v7.x-2.x antes v7.x-2.1 para Drupal que permite a atacantes remotos inyectar web script o HTML a través del campo de autor. • http://drupal.org/node/1922424 http://drupal.org/node/1922430 http://drupal.org/node/1922438 http://drupalcode.org/project/ds.git/commitdiff/45d490e http://drupalcode.org/project/ds.git/commitdiff/665c791 http://drupalcode.org/project/ds.git/commitdiff/90bcd8f http://www.openwall.com/lists/oss-security/2013/02/21/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •