54 results (0.046 seconds)

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en la API de saneo del núcleo de Drupal que no filtra apropiadamente las vulnerabilidades de tipo cross-site scripting en determinadas circunstancias. Este problema afecta a: Drupal Core versiones 9.1.x anteriores a la 9.1.7; versiones 9.0.x anteriores a la 9.0.12; versiones 8.9.x anteriores a la 8.9.14; versiones 7.x anteriores a la 7.80 • https://www.drupal.org/sa-core-2021-002 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked. Drupal versiones 6.x anteriores a 6.16 y versiones 5.x anteriores a 5.22, no bloquea apropiadamente a usuarios bajo determinadas circunstancias. Un usuario con una sesión abierta que fue bloqueada podría mantener su sesión en el sitio de Drupal a pesar de estar bloqueado. • https://security-tracker.debian.org/tracker/CVE-2010-2473 https://www.drupal.org/node/731710 https://www.openwall.com/lists/oss-security/2010/06/28/8 • CWE-20: Improper Input Validation •

CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0

Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission. El módulo local y los módulos contribuidos dependientes en Drupal versiones 6.x anteriores a 6.16 y versiones 5.x anteriores a 5.22, no sanean apropiadamente la visualización de códigos de Idioma, nombres nativos y de idioma Inglés, lo que podría permitir a un atacante llevar a cabo un ataque de tipo cross-site scripting (XSS). Esta vulnerabilidad es mitigada por el hecho de que un atacante necesita tener un rol con el permiso de "administer languages". • https://security-tracker.debian.org/tracker/CVE-2010-2472 https://www.drupal.org/node/731710 https://www.openwall.com/lists/oss-security/2010/06/28/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack. Drupal versiones 5.x y 6.x anteriores a la versión 6.16, utiliza un valor suministrado por el usuario en la salida durante la instalación del sitio, lo que podría permitir a un atacante crear una URL y realizar un ataque de tipo cross-site scripting • http://www.openwall.com/lists/oss-security/2014/02/12/8 https://security-tracker.debian.org/tracker/CVE-2010-2250 https://www.drupal.org/node/731710 https://www.openwall.com/lists/oss-security/2010/06/28/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

Drupal versions 5.x and 6.x has open redirection Drupal versiones 5.x y 6.x, tiene un redireccionamiento abierto • http://www.openwall.com/lists/oss-security/2014/02/12/8 https://access.redhat.com/security/cve/cve-2010-2471 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592716 https://security-tracker.debian.org/tracker/CVE-2010-2471 https://www.drupal.org/node/731710 https://www.openwall.com/lists/oss-security/2010/06/28/8 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •