2 matches found
Drupal Entity API Module Security Bypass Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. entity API is one of the API modules that can handle entities and attributes in a unified way. entity wrapper access API is one of the entity wrapper access API application program...
DRUPAL-CONTRIB-2018-008
This module enables you to show referenced entities in tabs. The module doesn't sufficiently sanitize the body fields of the referenced entities when it prints them to the tabs. This vulnerability is mitigated by the fact that an attacker must have a role with the permission create/edit content o...