4 matches found
SA-CONTRIB-2013-049 - Node access user reference - Access Bypass
This module allows different access permissions to be given to authors, referenced users and non-referenced users. When an author has created content containing a user reference field with author update/delete grants enabled and the author's user account is later deleted, content created by them...
SA-CONTRIB-2012-111 - Security Questions - Access Bypass
This module provides administrator configurable challenge questions for use during the log in and password reset processes. The module doesn't perform a proper access check, allowing a users' questions and answers to be edited by other users including anonymous users. CVE: CVE-2012-4475 Versions...
SA-CONTRIB-2012-109 - Restrict node page view - Access bypass
This module enables you to disable direct access to node pages node/XXX based on nodetypes and permissions. The module issues a NODEACCESSALLOW if it's permissions are met, but does not respect the "administer nodes" or "access own unpublished content" permissions. The consequence is that this...
SA-CONTRIB-2012-073 - Glossary - Cross-Site Scripting (XSS)
CVE: CVE-2012-2339 The glossary module scans posts for glossary terms, adding an indicator. By hovering over the indicator, users may learn the definition of that term. The module does not sufficiently sanitize the taxonomy information. This leaves sites vulnerable to Cross-Site Scripting attacks...