1 results (0.008 seconds)

CVSS: 2.1EPSS: 0%CPEs: 31EXPL: 0

Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo AddThis Button v5.x anterior a v5.x-2.2 y v6.x anterior a v6.x-2.9 para Drupal permite a usuarios autenticados en remoto con privilegios de administrar addthis, inyectar secuencias de comandos Web o HTML mediante vectores no especificados • http://drupal.org/node/731568 http://drupal.org/node/731576 http://drupal.org/node/731578 http://secunia.com/advisories/38818 http://www.securityfocus.com/bid/38513 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •