3 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0

SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Una vulnerabilidad de inyección SQL en el módulo Translation Management versiones 6.x anteriores a 6.x-1.21 para Drupal, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio de vectores no especificados. • http://drupal.org/node/1111174 http://secunia.com/advisories/43950 http://www.securityfocus.com/bid/47098 https://exchange.xforce.ibmcloud.com/vulnerabilities/66476 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0

Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo Translation Management v6.x anterior a v6.x-1.21 para Drupal, permite a atacantes remotos inyectar secuencias de comando web o HTML a través de vectores no especificados. • http://drupal.org/node/1111174 http://secunia.com/advisories/43950 http://www.securityfocus.com/bid/47098 https://exchange.xforce.ibmcloud.com/vulnerabilities/66475 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 21EXPL: 0

Cross-site request forgery (CSRF) vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Una vulnerabilidad de tipo Cross-site request forgery (CSRF) en el módulo Translation Management versiones 6.x anteriores a 6.x-1.21 para Drupal, permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas por medio de vectores desconocidos. • http://drupal.org/node/1111174 http://secunia.com/advisories/43950 https://exchange.xforce.ibmcloud.com/vulnerabilities/66477 • CWE-352: Cross-Site Request Forgery (CSRF) •