CVE-2013-0225
The CVE-2013-0225 entry concerns the Drupal User Relationships contributed module, not Drupal core. Affected versions are 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5. The root cause is insufficient escaping of the relationship name, allowing remote authenticated users with the "admin...