Lucene search
K
GetopensocialOpen Social

8 matches found

CVE
CVE
added 2025/03/31 9:43 p.m.71 views

CVE-2025-31685

CVE-2025-31685 affects Drupal Open Social. A Missing Authorization vulnerability allows Forceful Browsing across Open Social versions affected: 0.0.0–12.3.10 and 12.4.0–12.4.9. Root cause is lack of proper access control, enabling unauthenticated access to otherwise restricted resources. Reported...

9.1CVSS6.6AI score0.00363EPSS
CVE
CVE
added 2025/03/31 9:44 p.m.64 views

CVE-2025-31686

CVE-2025-31686 concerns Drupal Open Social. Multiple connected sources confirm a Missing Authorization vulnerability allowing Forceful Browsing in Open Social variants: 0.0.0…12.3.10 and 12.4.0…12.4.9. Root cause is lack of authorization checks enabling access to restricted resources. Impact desc...

8.1CVSS6.6AI score0.00382EPSS
CVE
CVE
added 2025/01/09 6:46 p.m.57 views

CVE-2024-13240

Open Social in Drupal is affected by an improper access control issue that allows collecting data from common resource locations. Affected versions are 0.0.0 through 12.04, with remediation recommended by PT-2024-10359 to update to a version later than 12.04. The issue is described across multipl...

7.5CVSS6.6AI score0.00362EPSS
CVE
CVE
added 2025/01/09 7:26 p.m.57 views

CVE-2024-13273

Open Social (a Drupal distribution) is affected by CVE-2024-13273 due to improper input neutralization during web page generation, enabling Cross-Site Scripting (XSS). Affected versions are 0.0.0–12.3.8, 12.4.0–12.4.5, and 13.0.0–13.0.0-alpha11. The issue stems from insufficient validation in Ope...

5.4CVSS6.2AI score0.0021EPSS
CVE
CVE
added 2025/01/09 6:47 p.m.55 views

CVE-2024-13241

CVE-2024-13241 affects the Drupal Open Social distribution. Open Social versions 0.0.0 through 12.0.4 contain an improper authorization flaw that enables collecting data from common resource locations, resulting in information disclosure. The vulnerability is tied to the authorization controls in...

9.1CVSS6.6AI score0.00341EPSS
CVE
CVE
added 2025/01/09 8:28 p.m.53 views

CVE-2024-13312

CVE-2024-13312 affects the Drupal Open Social distribution. A missing authorization vulnerability allows forceful browsing / unauthorized access to restricted functionality in Open Social versions 11.8.0–12.3.9 and 12.4.0–12.4.8. The cited advisories indicate the issue stems from improper access ...

5.3CVSS7.2AI score0.00292EPSS
CVE
CVE
added 2025/01/09 7:27 p.m.51 views

CVE-2024-13274

CVE-2024-13274 affects Drupal Open Social, specifically versions prior to 12.3.8 and prior to 12.4.5. The root cause is improper validation of flood control limits on the password reset form, enabling potential abuse that could lead to a Denial of Service. Public references from Drupal advisories...

5.3CVSS6.7AI score0.00349EPSS
CVE
CVE
added 2025/06/26 1:32 p.m.23 views

CVE-2025-48921

CVE-2025-48921 concerns a Cross-Site Request Forgery (CSRF) vulnerability in the Drupal Open Social distribution. Affected versions are Open Social 0.0.0–12.3.13 and 12.4.0–12.4.12. The root cause is inadequate CSRF protection on certain routes, which could allow an attacker to trick authenticate...

8.8CVSS7.2AI score0.00161EPSS