191 matches found
CVE-2015-3386
Cross-site scripting (XSS) vulnerability in the Node Access Product module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Node Access Product module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title...
CVE-2015-3386
CVE-2015-3386 is an XSS vulnerability in the Node Access Product module for Drupal. It allows remote authenticated users to inject arbitrary script/HTML via a node title. Affected: all versions of the Node Access Product module. Root cause: insufficient sanitization of node titles. Impact: potent...
Drupal Node Access Product Module Cross-Site Scripting Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Node Access Product is one of the node access modules. A cross-site scripting vulnerability exists in the Drupal Node Access Product module, which stems from the program's failure to...
SA-CONTRIB-2015-045 - Node Access Product - Cross Site Scripting (XSS) - Unsupported
The Node Access Product module provides 'Node access' settings for product nodes, whereby users who purchase the product are granted view access to content, which can be predefined either by taxonomy, by node, or by Views. The module doesn't sufficiently sanitize node titles leading to the...
SA-CONTRIB-2014-072 - Freelinking, Freelinking Case Tracker - Access bypass
The freelinking and freelinking case tracker modules implement a filter for the easier creation of HTML links to other pages in the site or external sites with a wiki style format such as pluginname:identifier. The module doesn't sufficiently check access to content when displaying links to nodes...
SA-CONTRIB-2014-066 - Node Access Keys - Access Bypass
Node Access Keys helps to grant users temporary view permissions to selected content types on a per user role basis. It was found that unpublished nodes of content types that did not have an access key were visible to all. Also, if an unpublished node of a content type that was protected by ...
Information disclosure
The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors...
Authentication flaw
The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing...
CVE-2013-4596
The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing...
CVE-2013-4596
The CVE-2013-4596 entry concerns Drupal’s Node Access Keys module (7.x-1.x) prior to 7.x-1.1. The vulnerability arises from insufficient permission checks, allowing remote attackers to bypass access restrictions via a node listing. Affected version: Node Access Keys 7.x-1.0 (Drupal 7). The issue ...
SA-CONTRIB-2014-032 - Xapian integration - Access Bypass
This module enables you to use the Xapian system to do searches of a Xapian index from within Drupal. The module doesn't verify node access rights when a node is loaded for display after the search happened in Xapian. This vulnerability is mitigated by the fact that the system must be using a node...
SA-CONTRIB-2014-009 - Tagadelic - Information Disclosure
This module provides an API and a few simple turnkey modules, which allows you to easily create tagclouds, weighted lists, search-clouds and such. The 6.x-1.x version does not account for node access modules, thus leading to information being disclosed. This vulnerability is mitigated by the fact...
CVE-2013-6123
Multiple array index errors in drivers/media/video/msm/server/msmcamserver.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges by leveraging camera device-node...
SA-CONTRIB-2013-089 - Node Access Keys - Access Bypass
Node Access Keys helps to grant users temporary view permissions to selected content types on a per user role basis. However, it only implements hook_node_access and not hook_query_alter, which means any listing of nodes does not respect the node view access. CVE identifiers issued: CVE-2013-4596...
CVE-2013-2123
The CVE-2013-2123 issue affects the Drupal module Node access user reference (nodeaccess_userreference) for Drupal 6.x-3.x (before 6.x-3.5) and Drupal 7.x-3.x (before 7.x-3.10). The root cause is inadequate access restriction for content containing a user reference field when author update/delete...
Design/Logic Flaw
The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list...
CVE-2013-1925
CVE-2013-1925 affects the Chaos Tool Suite (ctools) for Drupal, specifically 7.x-1.x prior to 7.x-1.3. The vulnerability arises because the module does not properly restrict node access when generating an autocomplete list of suggested node titles, potentially exposing restricted titles to remote...
CVE-2013-1925
The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list...