- Home
- CVEs with nessus.description==The remote web server is running a version of Drupal that is 7.x prior to 7.38. It is, therefore, potentially affected by the following vulnerabilities :
- An open redirect vulnerability exists due to improper validation of user-supplied input to the 'destinations' parameter in the Field UI module. A remote attacker can exploit this issue, via a specially crafted URL, to redirect users to a third-party website. (CVE-2015-3231)
- An open redirect vulnerability exists due to improper validation of URLs prior displaying their contents via the Overlay module on administrative pages.
(CVE-2015-3232)
- An information disclosure vulnerability exists due to a flaw in the render cache system. An attacker can exploit this flaw to view private content of arbitrary users.
(CVE-2015-3233)
- A security bypass vulnerability exists due to a flaw in the OpenID module. A remote attacker can exploit this flaw to log in as other users, including administrators.
Note that victims must have an existing OpenID account from a particular set of OpenID providers including, but not limited to, Verisign, LiveJournal, or StackExchange. (CVE-2015-3234)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top