8 matches found
CVE-2025-31685
CVE-2025-31685 affects Drupal Open Social. A Missing Authorization vulnerability allows Forceful Browsing across Open Social versions affected: 0.0.0–12.3.10 and 12.4.0–12.4.9. Root cause is lack of proper access control, enabling unauthenticated access to otherwise restricted resources. Reported...
CVE-2025-31686
CVE-2025-31686 concerns Drupal Open Social. Multiple connected sources confirm a Missing Authorization vulnerability allowing Forceful Browsing in Open Social variants: 0.0.0…12.3.10 and 12.4.0…12.4.9. Root cause is lack of authorization checks enabling access to restricted resources. Impact desc...
CVE-2024-13240
Open Social in Drupal is affected by an improper access control issue that allows collecting data from common resource locations. Affected versions are 0.0.0 through 12.04, with remediation recommended by PT-2024-10359 to update to a version later than 12.04. The issue is described across multipl...
CVE-2024-13273
Open Social (a Drupal distribution) is affected by CVE-2024-13273 due to improper input neutralization during web page generation, enabling Cross-Site Scripting (XSS). Affected versions are 0.0.0–12.3.8, 12.4.0–12.4.5, and 13.0.0–13.0.0-alpha11. The issue stems from insufficient validation in Ope...
CVE-2024-13241
CVE-2024-13241 affects the Drupal Open Social distribution. Open Social versions 0.0.0 through 12.0.4 contain an improper authorization flaw that enables collecting data from common resource locations, resulting in information disclosure. The vulnerability is tied to the authorization controls in...
CVE-2024-13312
CVE-2024-13312 affects the Drupal Open Social distribution. A missing authorization vulnerability allows forceful browsing / unauthorized access to restricted functionality in Open Social versions 11.8.0–12.3.9 and 12.4.0–12.4.8. The cited advisories indicate the issue stems from improper access ...
CVE-2024-13274
CVE-2024-13274 affects Drupal Open Social, specifically versions prior to 12.3.8 and prior to 12.4.5. The root cause is improper validation of flood control limits on the password reset form, enabling potential abuse that could lead to a Denial of Service. Public references from Drupal advisories...
CVE-2025-48921
CVE-2025-48921 concerns a Cross-Site Request Forgery (CSRF) vulnerability in the Drupal Open Social distribution. Affected versions are Open Social 0.0.0–12.3.13 and 12.4.0–12.4.12. The root cause is inadequate CSRF protection on certain routes, which could allow an attacker to trick authenticate...