CVE-2015-3370

CVE-2015-3370 — Drupal Node Invite CSRF : A CSRF in the Drupal Node Invite module (6.x prior to 6.x-2.5) allows remote attackers to hijack the authentication of users who have the "node_invite_can_manage_invite" permission for requests that re-enable node invitations via unspecified vectors. Affe...

CVE-2015-3371

The CVE-2015-3371 Open Redirect vulnerability affects the Drupal Node Invite module up to 6.x-2.x, specifically versions prior to 6.x-2.5. The issue arises from the destination parameter, allowing remote attackers to redirect users to arbitrary websites, enabling phishing. Affected component: Nod...

CVE-2015-3372

The Drupal Node Invite module (6.x) is vulnerable prior to 6.x-2.5: an XSS flaw allows remote authenticated users to inject script/HTML via a node title. Additional issues include CSRF exposure and an open redirect vulnerability. Affected versions: Node Invite 6.x-2.x before 6.x-2.5; Drupal core ...