CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2012-5540
https://notcve.org/view.php?id=CVE-2012-5540
Multiple cross-site scripting (XSS) vulnerabilities in the Hostip module 6.x-2.x before 6.x-2.2 and 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers with control of hostip.info to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo de HostIP v6.x-2.x antes de v6.x-2.2 y v7.x-2.x antes de v7.x-2.2 para Drupal, permite a atacantes remotos con control de hostip.info inyectar secuencias de comandos web o HTML a través vectores no especificados. • http://drupal.org/node/1802046 http://drupal.org/node/1802048 http://drupal.org/node/1802218 http://www.openwall.com/lists/oss-security/2012/11/20/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •