3 results (0.006 seconds)

CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 0

Unspecified vulnerability in the Views Bulk Operations module 6 before 6.x-1.10 for Drupal allows remote authenticated users with user management permissions to bypass intended access restrictions and delete anonymous users (user 0) via unspecified vectors. Vulnerabilidad no especificada en el módulo Views Bulk Operations v6 antes de v6.x-1.10 para Drupal, permite a usuarios remotos autenticados con permisos de administración de usuario evitar restricciones de acceso y eliminar usuarios anónimos (usuarios 0) a través de vectores no especificados. • http://drupal.org/node/933596 http://drupal.org/node/933960 http://secunia.com/advisories/41696 http://www.securityfocus.com/bid/43813 https://exchange.xforce.ibmcloud.com/vulnerabilities/62316 •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x before 5.x-2.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the node title. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo de Drupal "Zoomify" v5.x antes de v5.x-2.2 y v6.x antes de v6.x-1.4 permite a atacantes remotos inyectar HTML o scripts weba través del título del nodo. • http://drupal.org/node/623434 http://drupal.org/node/623436 http://drupal.org/node/623678 http://osvdb.org/59671 http://secunia.com/advisories/37263 http://www.securityfocus.com/bid/36930 https://exchange.xforce.ibmcloud.com/vulnerabilities/54155 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

Unspecified vulnerability in Views Bulk Operations 5.x-1.x before 5.x-1.4 and 6.x-1.x before 6.x-1.7, a module for Drupal, allows remote attackers to bypass intended access restrictions and modify "nodes or classes of nodes" via unknown vectors, probably related to registered procedures (aka actions). Vulnerabilidad no especificada en Views Bulk Operations 5.x-1.x antes de 5.x-1.4 y 6.x-1.x ante de 6.x-1.7, un modulo para Drupal, permite a atacantes remotos evitar las restricciones de acceso previstas y modificar "nodos o clases de nodos" mediante vectores desconocidos, probablemente relacionado con procedimientos registrados (alias acciones). • http://drupal.org/node/468450 http://secunia.com/advisories/35117 http://www.securityfocus.com/bid/35051 https://exchange.xforce.ibmcloud.com/vulnerabilities/50659 •