2 results (0.007 seconds)

CVSS: 3.5EPSS: 0%CPEs: 30EXPL: 0

Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 6.x-1.x before 6.x-1.19, 7.x-1.x before 7.x-1.3, and 7.x-2.x before 7.x-2.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes. Vulnerabilidad de XSS en el módulo Print (también conocido como las versiones Printer, e-mail y PDF) 6.x-1.x anterior a 6.x-1.19, 7.x-1.x anterior a 7.x-1.3, y 7.x-2.x anterior a 7.x-2.0 para Drupal permite a usuarios remotos autenticados con ciertos permisos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con nodos. • http://secunia.com/advisories/57402 https://drupal.org/node/2231671 https://exchange.xforce.ibmcloud.com/vulnerabilities/92349 https://www.drupal.org/node/2231191 https://www.drupal.org/node/2231197 https://www.drupal.org/node/2231199 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 30EXPL: 0

Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATH_INFO. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo de impresión, correo electrónico y PDF versiones 6.x-1.x antes de 6.x-1.15 y 7.x-1.x antes 7.x-1.0 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través vectores no especificados, probablemente el PATH_INFO. • http://drupal.org/node/1515060 http://drupal.org/node/1515076 http://drupal.org/node/1515722 http://drupalcode.org/project/print.git/commit/30480e0 http://drupalcode.org/project/print.git/commit/6771c3f http://secunia.com/advisories/48625 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52896 https://exchange.xforce.ibmcloud.com/vulnerabilities/74611 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •