3 matches found
DRUPAL-CONTRIB-2023-040
The Data Field module provides a way of building field types that are made up of other fields, a simpler alternative to e.g. the Paragraphs system. Access to these forms isn't properly validated, allowing a user with the "access content" permission to view and edit fields on entities...
Drupal's <= v6.x-1.0 Realname User Reference Widget contributed module
Exploit for unknown platform in category web applications ====================================================================== Drupal's Description of Vulnerability: ----------------------------- Drupal is a free software package that allows an individual or a community of users to easily...
SA-CONTRIB-2009-030 - Email Verification - Information disclosure / Cross Site Scripting
The Email Verification module tries to verify user email addresses by talking to the appropriate SMTP host. It also allows the administrator to access a list of not confirmed email addresses. In the Drupal 5 version, this list is only protected by the "access content" permission, hence allowing a...