CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 0CVE-2012-1624
https://notcve.org/view.php?id=CVE-2012-1624
Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating or (2) editing page content. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en el módulo Lingotek v6.x-1.x anteriores a v6.x-1.40 para Drupal, permite a atacantes remotos inyectar secuencias de comandos Web o HTML cuando (1) crea o (2) edita el contenido de la página. • http://drupal.org/node/1394220 http://drupal.org/node/1394412 http://secunia.com/advisories/47453 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/78185 http://www.securityfocus.com/bid/51272 https://exchange.xforce.ibmcloud.com/vulnerabilities/72151 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •