1 results (0.010 seconds)

CVSS: 2.6EPSS: 0%CPEs: 9EXPL: 0

Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via a stopforumspam.com API response, which is logged by the watchdog. Vulnerabilidad XSS en el módulo Spambot 6.x-3.x anterior a 6.x-3.2 y 7.x-1.x anterior a 7.x-1.1 para Drupal, permite a determinados atacantes inyectar secuencias de comandos web o HTML arbitrarias a través de respuestas de la API stopforumspam.com cuando se ha logado por el "watchdog". • http://osvdb.org/85680 http://secunia.com/advisories/50670 http://www.securityfocus.com/bid/55613 https://drupal.org/node/1789084 https://drupal.org/node/1789086 https://drupal.org/node/1789242 https://exchange.xforce.ibmcloud.com/vulnerabilities/78701 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •