3 matches found
yellowatch.com Improper Access Control vulnerability OBB-3817065
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2013-0225
The CVE-2013-0225 entry concerns the Drupal User Relationships contributed module, not Drupal core. Affected versions are 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5. The root cause is insufficient escaping of the relationship name, allowing remote authenticated users with the "admin...
SA-CONTRIB-2013-007 User Relationships - Cross Site Scripting (XSS)
The User Relationships module allows you to create multiple relationship types and maintain relationships between users in your Drupal site. The module does not sufficiently escape relationship names before display. This allows users with the correct permissions to create relationship names...