
CVE-2022-4761 – Post Views Count <= 3.0.2 - Contributor+ Stored XSS in Shortcode
https://notcve.org/view.php?id=CVE-2022-4761
25 Jan 2023 — The Post Views Count WordPress plugin through 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Post Views Count plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on... • https://wpscan.com/vulnerability/ad163020-8b9c-42cb-a55f-b137b224bafb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2015-7226
https://notcve.org/view.php?id=CVE-2015-7226
17 Sep 2015 — The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to obtain sensitive information via vectors related to the access handler. • http://cgit.drupalcode.org/admin_views/commit/?id=44098bb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2015-5490
https://notcve.org/view.php?id=CVE-2015-5490
18 Aug 2015 — The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors. • http://cgit.drupalcode.org/views/commit/?id=cef693b • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2015-5509
https://notcve.org/view.php?id=CVE-2015-5509
18 Aug 2015 — The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators to bypass intended restrictions via unspecified vectors. • http://www.openwall.com/lists/oss-security/2015/07/04/4 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2015-5515
https://notcve.org/view.php?id=CVE-2015-5515
18 Aug 2015 — The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled. • http://www.openwall.com/lists/oss-security/2015/07/04/4 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2015-3378
https://notcve.org/view.php?id=CVE-2015-3378
21 Apr 2015 — Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to the break lock page for edited views. • http://www.openwall.com/lists/oss-security/2015/02/13/12 •

CVE-2015-3379
https://notcve.org/view.php?id=CVE-2015-3379
21 Apr 2015 — The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors. • http://www.openwall.com/lists/oss-security/2015/02/13/12 • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2013-1887
https://notcve.org/view.php?id=CVE-2013-1887
27 Mar 2013 — Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields. • http://drupal.org/node/1948354 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2013-0321
https://notcve.org/view.php?id=CVE-2013-0321
27 Mar 2013 — Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field. • http://drupal.org/node/1922128 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2012-2074
https://notcve.org/view.php?id=CVE-2012-2074
14 Aug 2012 — Unspecified vulnerability in certain default views in the Ubercart Views module 6.x before 6.x-3.2 for Drupal allows remote attackers to obtain sensitive information via unknown attack vectors. • http://drupal.org/node/1505210 •