2 matches found
CVE-2015-8602
The CVE-2015-8602 issue affects the Drupal Token Insert Entity module (7.x-1.x) prior to 7.x-1.1. The vulnerability arises from improper permission checks that let remote authenticated users with certain permissions bypass access restrictions and insert a token that embeds a rendered entity into ...
Token Insert Entity - Moderately Critical - Access bypass and information disclosure - SA-CONTRIB-2015-171
This module offers a WYSIWYG button to embed rendered entities in fields using a WYSIWYG normally the body of a node. There is a vulnerability because a user that can create or edit content and has the "insert entity token" permission can insert tokens relating to e.g. an unpublished node and all...