Drupal Node Embed Module Remote Denial of Service Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Node Embed is one of the node modules used to integrate CKEditor's input filters into the content editor and embed them within the body of the article. A remote denial of service...

Node Embed - Less critical - Denial of Service - SA-CONTRIB-2016-034

This module enables you to embed the contents of one node in the body field of another. The module doesn't sufficiently protect against a node being embedded in itself, or a loop being created of one node being embedded in another which is then itself embedded in the first node. This vulnerabilit...

CVE-2012-2722

The node selection interface in the WYSIWYG editor CKEditor in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles...

Design/Logic Flaw

The node selection interface in the WYSIWYG editor CKEditor in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles...

CVE-2012-2722

The node selection interface in the WYSIWYG editor CKEditor in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles...

CVE-2012-2722

The CVE-2012-2722 issue affects the Drupal Node Embed module (CKEditor-based node picker). The vulnerability is a permissions-check bypass in the node selection interface, allowing remote readers to view node titles without proper access. Affected versions are Node Embed 6.x-1.x before 6.x-1.5 an...

SA-CONTRIB-2012-093 - Node Embed - Access Bypass

Node Embed gives content editors an interface for selecting and embedding nodes using a WYSIWYG editor. The interface for selecting nodes is a page that had no access check, allowing users to view node titles they might not have access to. This issue only affects your site if you have unpublished...