
4 matches found

OSV
added 2022/05/17 3:47 a.m. | 11 views

GHSA-6G9H-6V79-W4PC Drupal Users without "Administer comments" can set comment visibility on nodes they can edit

Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes...

CVSS 4.3 | AI score 4.6 | EPSS 0.01678
Exploits: 0 | References: 7
Prion
added 2016/10/03 6:59 p.m. | 11 views

Code injection

Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes...

CVSS 4 | AI score 6.7 | EPSS 0.01678
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2016/10/03 6:0 p.m. | 115 views

CVE-2016-7570

Vulnerability: Drupal 8.x before 8.1.10 exposes a permissions check flaw where users with node-edit rights can alter the visibility of comments on arbitrary nodes. Root cause: improper verification of the Administer comments permission. Impact: authenticated remote attackers could manipulate comm...

CVSS 4.3 | AI score 4.6 | EPSS 0.01678
Exploits: 0 | References: 3 | Affected Software: 1
Drupal
added 2012/11/14 12:0 a.m. | 34 views

SA-CONTRIB-2012-166 - Table of Contents - Access Bypass

This module enables you to generate a list of select header tags in a box that looks like a table of contents or summary. The links added to that box point to the headers so users can quickly access each section of your documents. The module doesn't sufficiently check for node access restriction...

CVSS 4.3 | AI score 6.3 | EPSS 0.01191
Exploits: 0 | References: 9