Lucene search
K

158 matches found

CVE
CVE
added 2025/01/09 6:57 p.m.48 views

CVE-2024-13250

CVE-2024-13250 maps to Drupal Symfony Mailer Lite CSRF vulnerability. Affected versions are 0.0.0 up to 1.0.5/1.0.6, with 1.0.6 as the fixed release. The issue allows CSRF exploitation in Drupal Symfony Mailer Lite, potentially enabling an attacker to perform unwanted actions on behalf of an auth...

8.8CVSS6.7AI score0.00189EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/01/09 6:53 p.m.50 views

CVE-2024-13247

CVE-2024-13247 concerns the Drupal Coffee module (versions 0.0.0 through 1.3.x; prior to 1.4.0). The root cause is improper neutralization/escaping of user input during web page generation, leading to Cross-Site Scripting (XSS) when Coffee renders certain content. The public documentation consist...

4.8CVSS6.2AI score0.00214EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/01/09 6:49 p.m.18 views

CVE-2024-13243 Entity Delete Log - Moderately critical - Access bypass - SA-CONTRIB-2024-007

Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing.This issue affects Entity Delete Log: from 0.0.0 before 1.1.1...

0.00262EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/09 6:33 p.m.10 views

CVE-2024-13238 Typogrify - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-002

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal Typogrify allows Cross-Site Scripting XSS.This issue affects Typogrify: from 0.0.0 before 1.3.0...

6.4AI score0.00215EPSS
Exploits0References1
CVE
CVE
added 2025/01/09 6:15 p.m.58 views

CVE-2024-13237

CVE-2024-13237 affects Drupal File Entity (fieldable files). The vulnerability arises from improper neutralization of input during web page generation, enabling Cross-Site Scripting (XSS) for File Entity versions 7.X-* up to but not including 7.X-2.38. The issue is discussed in SA-CONTRIB-2024-00...

5.4CVSS6.2AI score0.00228EPSS
Exploits0References1Affected Software1
Drupal
Drupal
added 2024/05/22 12:0 a.m.30 views

Email Contact - Moderately critical - Access bypass - SA-CONTRIB-2024-020

The Email Contact module provides email field display formatters that can display the field as a link to the contact form, or as an inline contact form. The module does not sufficiently handle restricted entity or field access to the mail sending form, when the "Email contact link" formatter is...

7.5CVSS7AI score0.0039EPSS
Exploits0References9
Drupal
Drupal
added 2024/02/28 12:0 a.m.23 views

Private content - Moderately critical - Access bypass - SA-CONTRIB-2024-012

This module gives each node a 'private' checkbox. If it's set, the node can only be seen by the node author, or users with the 'access private content' permission. The module incorrectly grants access to private nodes under certain specific circumstances. This vulnerability is mitigated by the fa...

5.5CVSS6.9AI score0.00182EPSS
Exploits0References6
Drupal
Drupal
added 2023/11/01 12:0 a.m.16 views

Paragraphs admin - Moderately critical - - SA-CONTRIB-2023-049

This module enables you to view all paragraph entities in an admin view. The module contains an access bypass that allows non admin users to access the view. The vulnerability can be mitigated by editing the view to change the permission required to access the page...

7AI score
Exploits0References7
Drupal
Drupal
added 2023/06/28 12:0 a.m.5 views

Expandable Formatter - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-028

This module enables you to render a field in an expandable/collapsible region. The module doesn't sufficiently sanitize the field content when displaying it to an end user. This vulnerability is mitigated by the fact that an attacker must have a role capable of creating content that uses the fiel...

5.6AI score
Exploits0References8
Drupal
Drupal
added 2023/03/15 12:0 a.m.23 views

Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-002

The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files. This release was coordinated with SA-CONTRIB-2023-010. This advisory is not covered by Drupal Steward...

3.1AI score
Exploits0References14
Drupal
Drupal
added 2023/03/15 12:0 a.m.16 views

Media Responsive Thumbnail - Moderately critical - Information disclosure - SA-CONTRIB-2023-010

The Media Responsive Thumbnail module allows media reference fields to be rendered as a responsive image. This module does not properly check entity access prior to rendering media. This may result in users seeing thumbnails of media items they do not have access to. This release was coordinated...

6.6AI score
Exploits0References10
Drupal
Drupal
added 2023/01/18 12:0 a.m.17 views

Media Library Form API Element - Moderately critical - Information Disclosure - SA-CONTRIB-2023-004

This module enables you to use the media library in custom forms without the Media Library Widget. The module does not properly check entity access in some circumstances. This may result in users with access to edit content seeing metadata about media items they are not authorized to access. The...

6.5AI score
Exploits0References10
Drupal
Drupal
added 2023/01/18 12:0 a.m.68 views

Drupal core - Moderately critical - Information Disclosure - SA-CORE-2023-001

The Media Library module does not properly check entity access in some circumstances. This may result in users with access to edit content seeing metadata about media items they are not authorized to access. The vulnerability is mitigated by the fact that the inaccessible media will only be visib...

4.6AI score
Exploits0References14
Drupal
Drupal
added 2023/01/18 12:0 a.m.17 views

Media Library Block - Moderately critical - Information Disclosure - SA-CONTRIB-2023-003

The Media Library Block module allows you to render a media entity in a block. The module does not properly check media access in some circumstances. This may result in unauthorized users including anonymous users seeing media items they are not authorized to access if a block containing a...

6.3AI score
Exploits0References9
Drupal
Drupal
added 2022/11/30 12:0 a.m.17 views

Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-061

Social Flexible Group is an Open Social extension that allows users to create groups with many different configurations. In specific uncommon scenarios, where a platform doesn't have any flexible groups with the "Group members only secret" visibility, community groups are visible to anonymous use...

6.3AI score
Exploits0References9
Drupal
Drupal
added 2022/08/24 12:0 a.m.21 views

Commerce Elavon - Moderately critical - Access bypass - SA-CONTRIB-2022-053

This module enables you to accept payments from the Elavon payment provider. The module doesn't sufficiently verify that it's communicating with the correct server when using the Elavon On-site payment gateway, which could lead to leaking valid payment details as well as accepting invalid payment...

6.4AI score
Exploits0References6
Friends Of PHP
Friends Of PHP
added 2022/07/20 10:11 a.m.19 views

Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013

More info at https://www.drupal.org/sa-core-2022-013...

6.5CVSS7.2AI score0.0059EPSS
Exploits0Affected Software1
Drupal
Drupal
added 2022/07/20 12:0 a.m.37 views

Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2022-015

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities. This advisory is not covere...

6.1CVSS3.3AI score0.00526EPSS
Exploits0References16
Drupal
Drupal
added 2022/02/16 12:0 a.m.61 views

Drupal core - Moderately critical - Information disclosure - SA-CORE-2022-004

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module which comes with the Standard...

6.5CVSS2.5AI score0.00769EPSS
Exploits0References18
Drupal
Drupal
added 2022/01/25 12:0 a.m.15 views

Navbar - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-011

This module provides a very simple, mobile-friendly navigation toolbar. The module doesn't sufficiently check for user-provided input. This vulnerability is mitigated by the fact that an attacker must have the ability to post content using a text format like the default "Filtered HTML" format tha...

6.5AI score
Exploits0References4
Rows per page
Query Builder