|
270441
|
- |
|
navigate_project
|
navigate
|
Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-5500
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270442
|
- |
|
navigate_project
|
navigate
|
The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate vie…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5499
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270443
|
- |
|
shipwire_api_project
|
shipwire_api
|
The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5498
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270444
|
- |
|
web_links_project
|
web_links
|
Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5497
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270445
|
- |
|
pass2pdf_project
|
pass2pdf
|
The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5496
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270446
|
- |
|
mobile_sliding_menu_project
|
mobile_sliding_menu
|
Cross-site scripting (XSS) vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer menu" permission to inject arbitrar…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5495
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270447
|
- |
|
webform_matrix_component_project
|
webform_matrix_component
|
Cross-site scripting (XSS) vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web s…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5494
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270448
|
- |
|
entityform_block_project
|
entityform_block
|
The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityform…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5493
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270449
|
- |
|
video_consultation_project
|
video_consultation
|
Cross-site scripting (XSS) vulnerability in the Video Consultation module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-5492
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270450
|
- |
|
dynamic_display_block_project
|
dynamic_display_block
|
The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the "administer ddb…
|
CWE-200
Information Exposure
|
CVE-2015-5491
|
2024-11-21 11:33 |
2015-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
