1 results (0.003 seconds)
CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0
CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-1971
https://notcve.org/view.php?id=CVE-2013-1971
Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file. Múltiples vulnerabilidades de cross-site scripting (XSS) en el módulo MP3 Player para Drupal v6.x que permite a usuarios autenticados remotamente inyectar código script o HTML a través del nombre del fichero MP3. • http://www.securityfocus.com/bid/59276 https://drupal.org/node/1972804 https://exchange.xforce.ibmcloud.com/vulnerabilities/83649 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •