4 results (0.003 seconds)

CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0

Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el módulo de Drupal E-Publish 5.x anteriores a 5.x-1.1 y 6.x anteriores a 6.x-1.0 beta1 permite a atacantes remotos llevar a cabo acciones no autorizadas como otros usuarios mediante vectores no especificados. • http://drupal.org/node/250408 http://secunia.com/advisories/29960 http://www.vupen.com/english/advisories/2008/1353/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41978 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de órdenes (XSS) en el módulo de Drupal "E-Publish" 5.x anteriores a 5.x-1.1 y 6.x anteriores a 6.x-1.0 beta1, permite a atacantes remotos inyectar 'script' web o HTML de su elección mediante vectores no especificados. • http://drupal.org/node/250408 http://secunia.com/advisories/29960 http://www.vupen.com/english/advisories/2008/1353/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41979 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) obcatid and (2) comid parameters. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en show.cfm en e-publish CMS 2.0 y anteriores permite a atacantes remotos inyectar 'script' web o HTML de su elección mediante lo parámetros (1) obcatid y (2) comid. • http://pridels0.blogspot.com/2005/12/e-publish-cms-vuln.html http://secunia.com/advisories/18140 http://www.osvdb.org/21882 http://www.securityfocus.com/bid/15964 http://www.vupen.com/english/advisories/2005/2983 https://exchange.xforce.ibmcloud.com/vulnerabilities/23828 •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

SQL injection vulnerability in printer_friendly.cfm in e-publish CMS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección de SQL en printer_friendly.cfm en e-publish CMS 2.0 y anteriores permiten a atacantes remotos ejecutar órdenes SQL de su elección mediante el parámetro "id". • http://pridels0.blogspot.com/2005/12/e-publish-cms-vuln.html http://secunia.com/advisories/18140 http://www.osvdb.org/21881 http://www.securityfocus.com/bid/15964 http://www.vupen.com/english/advisories/2005/2983 https://exchange.xforce.ibmcloud.com/vulnerabilities/23827 •