CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-3354
https://notcve.org/view.php?id=CVE-2015-3354
Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete wishlist purchase intentions via unspecified vectors. Vulnerabilidad de CSRF en el módulo Wishlist anterior a 6.x-2.7 y 7.x-2.x anterior a 7.x-2.7 para Drupal permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que eliminan las intenciones de compra del Wishlist a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2015/01/29/6 http://www.securityfocus.com/bid/72114 https://www.drupal.org/node/2406803 https://www.drupal.org/node/2406811 https://www.drupal.org/node/2407313 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-3357
https://notcve.org/view.php?id=CVE-2015-3357
Cross-site scripting (XSS) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "access wishlists" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message. Vulnerabilidad de XSS en el módulo Wishlist anterior a 6.x-2.7 y 7.x-2.x anterior a 7.x-2.7 para Drupal permite a usuarios remotos autenticados con el permiso 'acceder a las listas de compra' inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados, lo que no se manejan correctamente en un mensaje de registro. • http://www.openwall.com/lists/oss-security/2015/01/29/6 https://www.drupal.org/node/2406803 https://www.drupal.org/node/2406811 https://www.drupal.org/node/2407313 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1CVE-2012-2069
https://notcve.org/view.php?id=CVE-2012-2069
Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters. Vulnerabilidad de fasificación de peticiones en sitios cruzados (CSRF) en el módulo Wishlist v6.x-2.x anterior a v6.x-2.6 y 7.x-2.x anterior a v7.x-2.6 para Drupal permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para las solicitudes que insertan cross-site scripting (XSS) secuencias a través de la wl_reveal (1) o (2) los parámetros q. • http://drupal.org/node/1483634 http://drupal.org/node/1483636 http://drupal.org/node/1492624 http://drupalcode.org/project/wishlist.git/commit/6660c33 http://drupalcode.org/project/wishlist.git/commit/73aaf98 http://secunia.com/advisories/48486 http://www.madirish.net/content/drupal-wishlist-6x-24-xss-vulnerability http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52660 • CWE-352: Cross-Site Request Forgery (CSRF) •