2 matches found
CVE-2015-5498
The Shipwire Drupal module 7.x-1.x is vulnerable (before 7.x-1.03) because it does not enforce the view permission for the shipments overview (admin/shipwire/shipments), allowing remote access to sensitive information. Affected: Shipwire 7.x-1.x prior to 7.x-1.03. Exploitation details are not pro...
Shipwire - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-111
The Shipwire API module handles communication with the Shipwire shipping service. The Shipwire module doesn't check view permission for the shipments overview page when installed admin/shipwire/shipments. Limited non-public information is displayed on the page. CVE identifiers issued CVE-2015-549...