Lucene search
K

4 matches found

Drupal
Drupal
added 2013/05/29 12:0 a.m.29 views

SA-CONTRIB-2013-049 - Node access user reference - Access Bypass

This module allows different access permissions to be given to authors, referenced users and non-referenced users. When an author has created content containing a user reference field with author update/delete grants enabled and the author's user account is later deleted, content created by them...

5.8CVSS6.3AI score0.01309EPSS
Exploits1References12
Drupal
Drupal
added 2012/07/11 12:0 a.m.19 views

SA-CONTRIB-2012-111 - Security Questions - Access Bypass

This module provides administrator configurable challenge questions for use during the log in and password reset processes. The module doesn't perform a proper access check, allowing a users' questions and answers to be edited by other users including anonymous users. CVE: CVE-2012-4475 Versions...

5CVSS6.5AI score0.01332EPSS
Exploits0References12
Drupal
Drupal
added 2012/07/11 12:0 a.m.13 views

SA-CONTRIB-2012-109 - Restrict node page view - Access bypass

This module enables you to disable direct access to node pages node/XXX based on nodetypes and permissions. The module issues a NODEACCESSALLOW if it's permissions are met, but does not respect the "administer nodes" or "access own unpublished content" permissions. The consequence is that this...

3.5CVSS6.4AI score0.00962EPSS
Exploits0References9
Drupal
Drupal
added 2012/05/09 12:0 a.m.30 views

SA-CONTRIB-2012-073 - Glossary - Cross-Site Scripting (XSS)

CVE: CVE-2012-2339 The glossary module scans posts for glossary terms, adding an indicator. By hovering over the indicator, users may learn the definition of that term. The module does not sufficiently sanitize the taxonomy information. This leaves sites vulnerable to Cross-Site Scripting attacks...

4.3CVSS5.8AI score0.01647EPSS
Exploits0References11
Rows per page
Query Builder