2 matches found
CVE-2013-0246
The CVE-2013-0246 issue affects Drupal core 7.x prior to 7.19. In the Image module, when a private file system is used, derivative images are not properly protected, allowing remote attackers to read derivative images of restricted images via unspecified vectors. Impact is unauthorized access to ...
SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7. Cross-site scripting Various core and contributed modules - Drupal 6 and 7 A reflected cross-site scripting vulnerability XSS was identified in certain Drupal JavaScript functions that pass unexpected user input in...