3 results (0.003 seconds)

CVSS: 3.5EPSS: 0%CPEs: 9EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) Role or (2) Organic Group name. Múltiples vulnerabilidades de XSS en el módulo Maestro 7.x-1.x anterior a 7.x-1.4 para Drupal permiten a usuarios remotos autenticados con ciertos permisos inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de (1) rol o (2) grupo orgánico. • http://secunia.com/advisories/56790 http://www.securityfocus.com/bid/65677 https://drupal.org/node/2200453 https://exchange.xforce.ibmcloud.com/vulnerabilities/91274 https://www.drupal.org/node/2013653 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.1EPSS: 0%CPEs: 8EXPL: 1

Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el módulo Maestro v7.x-1.x anteriores a v7.x-1.2 para Drupal, permite a atacantes remotos secuestrar la autenticación de los administradores para (1) cambiar los flujos de trabajo o (2) insertar secuencias de comandos en sitios cruzados. • http://drupal.org/node/1617952 http://drupal.org/node/1619830 http://drupalcode.org/project/maestro.git/commitdiff/c499971 http://secunia.com/advisories/49393 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82714 http://www.securityfocus.com/bid/53836 https://exchange.xforce.ibmcloud.com/vulnerabilities/76146 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 2.6EPSS: 0%CPEs: 8EXPL: 1

Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Maestro v7.x-1.x anterior a v7.x-1.2 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://drupal.org/node/1617952 http://drupal.org/node/1619830 http://drupalcode.org/project/maestro.git/commitdiff/c499971 http://secunia.com/advisories/49393 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82713 http://www.securityfocus.com/bid/53836 https://exchange.xforce.ibmcloud.com/vulnerabilities/76145 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •