| Max CVSS | 5.8 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-2559 | 3.5 |
Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.
|
05-02-2019 - 18:52 | 25-03-2015 - 14:59 | |
| CVE-2015-2749 | 5.8 |
Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
|
21-09-2017 - 17:06 | 13-09-2017 - 16:29 | |
| CVE-2015-2750 | 5.8 |
Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence.
|
20-09-2017 - 19:15 | 13-09-2017 - 16:29 |