CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2013-3479 – ShareThis <= 7.0.5 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2013-3479
Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings. Vulnerabilidad CSRF (Cross-site request forgery) en el plugin ShareThis anterior a v7.0.6 para WordPress permite a atacantes remotos secuestrar la autenticación de los administradores para solicitudes que modifican la configuración de este plugin. • http://secunia.com/advisories/53135 http://wordpress.org/plugins/share-this/changelog • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0CVE-2012-5545
https://notcve.org/view.php?id=CVE-2012-5545
Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis module 7.x-2.x before 7.x-2.5 for Drupal allow remote authenticated users with the "administer sharethis" permission to inject arbitrary web script or HTML via unspecified vectors related to "JavaScript settings." Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo ShareThis v7.x-2.x antes de v7.x-2.5 para Drupal permite a usuarios autenticados remotamente con permisos "administer sharethis" inyectar secuencias de comandos web o HTML a través de vectores relacionados con "JavaScript Settings" • http://drupal.org/node/1808760 http://drupal.org/node/1808856 http://www.openwall.com/lists/oss-security/2012/11/20/4 http://www.securityfocus.com/bid/55870 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 5EXPL: 0CVE-2012-2076
https://notcve.org/view.php?id=CVE-2012-2076
Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en los formularios de administración del módulo ShareThis v7.x-2.x antes de v7.x-2.3 para Drupal permite inyectar secuencias de comandos web o HTML a usuarios remotos autenticados con permisos de adminitración de ShareThis a través de vectores no especificados. • http://drupal.org/node/1504746 http://drupal.org/node/1506448 http://drupalcode.org/project/sharethis.git/commit/11f247a http://osvdb.org/80670 http://secunia.com/advisories/48598 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52778 https://exchange.xforce.ibmcloud.com/vulnerabilities/74516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 0CVE-2012-2077
https://notcve.org/view.php?id=CVE-2012-2077
Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors "outside of the Form API." Una vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en el módulo de ShareThis v7.x-2.x antes v7.x-2.3 para Drupal permite a atacantes remotos secuestrar la autenticación de los usuarios con permisos de administración de "ShareThis" a través de vectores desconocidos "fuera de la API del formulario". • http://drupal.org/node/1504746 http://drupal.org/node/1506448 http://drupalcode.org/project/sharethis.git/commit/11f247a http://secunia.com/advisories/48598 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.osvdb.org/80681 http://www.securityfocus.com/bid/52778 https://exchange.xforce.ibmcloud.com/vulnerabilities/74518 • CWE-352: Cross-Site Request Forgery (CSRF) •