Frank Mably

#10109de 53,638
27.3CVSS total
Vulnerabilidades · 5
Média
5
PT-2026-22090
4.8
2026-02-25
Drupal · Responsive Favicons · CVE-2026-3218
**Name of the Vulnerable Software and Affected Versions** Drupal Responsive Favicons versions prior to 2.0.2 **Description** A flaw exists in the Drupal Responsive Favicons module where administrator-entered text is not properly filtered, leading to a Cross-Site Scripting (XSS) issue. An attacker must possess the 'administer responsive favicons' permission to exploit this. The module adds favicons generated by `realfavicongenerator.net` to a Drupal site. The vulnerability is a type of Improper Neutralization of Input During Web Page Generation. **Recommendations** Update to version 2.0.2 or later.
PT-2026-2980
4.8
2026-01-14
Drupal · At Internet Piano Analytics · CVE-2026-0947
**Name of the Vulnerable Software and Affected Versions** Drupal AT Internet Piano Analytics versions 0.0.0 through 1.0.0 Drupal AT Internet Piano Analytics versions 2.0.0 through 2.3.0 **Description** The AT Internet Piano Analytics module for Drupal contains a Cross-Site Scripting (XSS) issue. The module does not properly filter text entered by administrators, leading to a persistent XSS condition. An attacker must have the 'administer pianoanalytics' permission to exploit this. **Recommendations** Update to version 1.0.1 or later. Update to version 2.3.1 or later.
PT-2026-6027
6.1
2026-01-14
Unknown · Drupal At Internet Smarttag · CVE-2026-0946
**Name of the Vulnerable Software and Affected Versions** Drupal AT Internet SmartTag versions prior to 1.0.1 **Description** The software contains a flaw due to improper neutralization of input during web page generation, which allows for Cross-Site Scripting (XSS). This means an attacker could potentially inject malicious scripts into web pages viewed by other users. **Recommendations** Update to version 1.0.1 or later.
PT-2025-26961
6.1
2025-06-26
Toc.Js · Toc.Js · CVE-2025-48923
Nome do Software Vulnerável e Versões Afetadas: Versões do Toc.Js de 0.0.0 a 3.2.1 Descrição: O problema está relacionado à Neutralização Imprópria de Entrada Durante a Geração de Página Web, também conhecida como Cross-site Scripting (XSS), no Drupal Toc.Js. Isso permite que um atacante execute ataques de Cross-Site Scripting (XSS). Recomendações: Para as versões do Toc.Js de 0.0.0 a 3.2.1, atualize para a versão 3.2.1 ou posterior para resolver o problema.
PT-2024-10136
5.5
2024-03-27
Tacjs · Tacjs · CVE-2024-13252
**Nome do software vulnerável e versões afetadas** Versões do TacJS de 0.0.0 a 6.4.9 **Descrição** O problema está relacionado à neutralização inadequada de entradas durante a geração de páginas da web, o que permite ataques de Cross-Site Scripting (XSS). Isso pode permitir que um invasor remoto execute ataques de script entre sites. **Recomendações** Para as versões 0.0.0 a 6.4.9, atualize para a versão 6.5.0 ou posterior para resolver o problema.