4 matches found
CVE-2015-3378
CVE-2015-3378 describes an open redirect vulnerability in the Drupal Views module (versions 6.x prior to 6.x-2.18, 6.x-3.x prior to 6.x-3.2, and 7.x prior to 7.x-3.10) when the Views UI submodule is enabled. The underlying issue is an unsanitized URL handling path used to break the lock on edited...
CVE-2015-3379
CVE-2015-3379 affects Drupal Views module. The vulnerability arises because default Views configurations are not properly restricted, allowing remote authenticated users to obtain sensitive information via unspecified vectors. Affected are Views 6.x-2.x before 6.x-2.18, 6.x-3.x before 6.x-3.2, an...
CVE-2013-1887
The CVE affects Drupal's Views module (7.x-3.x) prior to 7.x-3.6. The vulnerability arises from insufficient sanitization of certain view configuration fields, enabling remote authenticated users with specific permissions to inject arbitrary web script or HTML (XSS). The attacker would exploit th...
CVE-2015-5490
The CVE-2015-5490 vulnerability affects the Drupal Views module (7.x-3.x) specifically versions 7.x-3.5 through 7.x-3.10. The root cause is that _views_fetch_data in includes/cache.inc does not rebuild the full cache when the static cache is non-empty, allowing remote attackers to bypass configur...