DRUPAL-CONTRIB-2025-099

This module enables you to to easily create and manage faceted search interfaces. The module doesn't sufficiently check access to entities when they are displayed as facets. This vulnerability is mitigated by the fact that only sites that show facets with entity labels like taxonomy terms are...

CVE-2013-7391

The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the a Views field or b area plugins, allows remote attackers to read restricted entities via the 1 field, 2 header, or 3 footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher...

Design/Logic Flaw

The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the a Views field or b area plugins, allows remote attackers to read restricted entities via the 1 field, 2 header, or 3 footer of a View. NOTE: this identifier was SPLIT from CVE-2013-4273 per ADT5 due to different researcher...

CVE-2013-7391

The vulnerability CVE-2013-7391 affects the Drupal contributed Entity API module (7.x-1.x) prior to 7.x-1.2. When using the Views field or area plugins, it allows remote attackers to read restricted entities via the View’s field, header, or footer. This is caused by insufficient access checks in ...