3 matches found
SA-CONTRIB-2012-134 - Views - Privilege Escalation
The Views module provides a flexible method for Drupal site designers to control how lists and tables of content, users, taxonomy terms and other data are presented. The module incorrectly modifies the global user object in some situations when a view has a uid argument and performs validation on...
SA-CONTRIB-2012-113 - Drupal Commons - Access Bypass
Drupal Commons is a ready-to-use solution for building either internal or external communities. The Drupal Commons feature a central module in the distribution includes a listing of recent comments on discussions. This listing of comments is powered by a view that doesn't fully enforce node acces...
SA-CONTRIB-2012-011 - Panels - Cross Site Scripting (XSS)
CVE: CVE-2012-0914 The Panels module allows a site administrator to create customized layouts for multiple uses. The module doesn't sufficiently sanitize administrator supplied data. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer pane...