46 matches found
Entity API - Moderately critical - Information Disclosure - SA-CONTRIB-2018-013
The Entity API module extends the entity API of Drupal core in order to provide a unified way to deal with entities and their properties. The module prints debugging information to the HTML output in certain error conditions thereby causing an information disclosure vulnerability. This...
Fedora 21 : drupal7-entity-1.6-1.fc21 (2015-2849)
7.x-1.6 See SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting XSS Changes since 7.x-1.5 : - by klausi: Sanitize field labels before passing them to the Token API. - Issue 2264079 by Amitaibu, fago: Fixed $wrapper-access might be wrong for single entity reference field. - Issue 2039601 by...
[SECURITY] Fedora 20 Update: drupal7-entity-1.6-1.fc20
This module extends the entity API of Drupal core in order to provide a uni fied way to deal with entities and their properties. Additionally, it provides an entity CRUD controller, which helps simplifying the creation of new entity types. This package provides the following Drupal modules: entit...
[SECURITY] Fedora 21 Update: drupal7-entity-1.6-1.fc21
This module extends the entity API of Drupal core in order to provide a uni fied way to deal with entities and their properties. Additionally, it provides an entity CRUD controller, which helps simplifying the creation of new entity types. This package provides the following Drupal modules: entit...
[SECURITY] Fedora 22 Update: drupal7-entity-1.6-1.fc22
This module extends the entity API of Drupal core in order to provide a uni fied way to deal with entities and their properties. Additionally, it provides an entity CRUD controller, which helps simplifying the creation of new entity types. This package provides the following Drupal modules: entit...
CVE-2015-2197
Cross-site scripting XSS vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API...
Cross site scripting
Cross-site scripting XSS vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API...
CVE-2015-2197
Cross-site scripting XSS vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API...
CVE-2015-2197
CVE-2015-2197 affects Drupal’s Entity API module (7.x-1.x) before 7.x-1.6. The vulnerability is an XSS via field labels exposed through the Token API, caused by insufficient sanitization of user-supplied input. Impact: remote authenticated users can inject arbitrary script/HTML. Mitigation: upgra...
Drupal Entity API Module Field Label Cross-Site Scripting Vulnerability
Drupal is an open source content management platform. A cross-site scripting vulnerability exists in the Drupal Entity API module field labels due to the program failing to properly filter user-supplied input. An attacker could be allowed to exploit this vulnerability to steal cookie-based...
SA-CONTRIB-2015-053 - Entity API - Cross Site Scripting (XSS)
The Entity API module extends the entity API of Drupal core in order to provide a unified way to deal with entities and their properties. The module doesn't sufficiently sanitize field labels when exposing them through the Token API thereby exposing a Cross Site Scripting XSS vulnerability. This...
CVE-2013-7391
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the a Views field or b area plugins, allows remote attackers to read restricted entities via the 1 field, 2 header, or 3 footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher...
CVE-2013-4273
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was...
Design/Logic Flaw
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was...
Design/Logic Flaw
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the a Views field or b area plugins, allows remote attackers to read restricted entities via the 1 field, 2 header, or 3 footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher...
CVE-2013-4273
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was...
CVE-2013-7391
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the a Views field or b area plugins, allows remote attackers to read restricted entities via the 1 field, 2 header, or 3 footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher...
CVE-2013-7391
The vulnerability CVE-2013-7391 affects the Drupal contributed Entity API module (7.x-1.x) prior to 7.x-1.2. When using the Views field or area plugins, it allows remote attackers to read restricted entities via the View’s field, header, or footer. This is caused by insufficient access checks in ...
CVE-2013-4273
The Drupal Entity API module (7.x-1.x) before 7.x-1.2 fails to properly enforce access restrictions for node comments when used with Views field/area plugins, allowing remote authenticated users to read restricted comments via a View (and is split from CVE-2013-4273’s View vector). The issue spec...
Fedora Update for drupal7-entity FEDORA-2014-0509
Check for the Version of drupal7-entity OpenVAS Vulnerability Test Fedora Update for drupal7-entity FEDORA-2014-0509 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...