| Max CVSS | 5.0 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-7391 | 5.0 |
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) footer of a View. NOTE: this identifier was SPLIT
|
27-02-2015 - 17:42 | 19-07-2014 - 18:55 | |
| CVE-2013-4273 | 4.0 |
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to differen
|
27-02-2015 - 17:42 | 19-07-2014 - 18:55 | |
| CVE-2013-4272 | 4.3 |
The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain se
|
05-09-2013 - 15:41 | 28-08-2013 - 22:55 | |
| CVE-2013-4274 | 2.1 |
Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Ad
|
29-08-2013 - 17:21 | 28-08-2013 - 22:55 |