Cross-site scripting (XSS) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node...
5.4AI Score
0.001EPSS
Cross-site request forgery (CSRF) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to hijack the authentication of users with the "node_invite_can_manage_invite" permission for requests that re-enable node invitations via unspecified...
7.3AI Score
0.002EPSS
Open redirect vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination...
7AI Score
0.003EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a....
5.5AI Score
0.001EPSS