Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    16 vulnerabilities found for Open Social by Drupal

    CVE-2025-48921 (GCVE-0-2025-48921)

    Vulnerability from nvd – Published: 2025-06-26 13:32 – Updated: 2025-06-26 17:46
    VLAI
    Title
    Open Social - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-079
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Open Social Affected: 0.0.0 , < 12.3.14 (semver)
    Affected: 12.4.0 , < 12.4.13 (semver)
    Create a notification for this product.
    Date Public
    2025-06-25 18:41
    Credits
    Ivo Van Geertruyen (mr.baileys) Alexander Varwijk (kingdutch) Robert Ragas (robertragas) Greg Knaddison (greggles)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48921",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-26T17:46:07.545071Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-26T17:46:14.613Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/social",
              "defaultStatus": "unaffected",
              "product": "Open Social",
              "repo": "https://git.drupalcode.org/project/social",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "12.3.14",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.13",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ivo  Van Geertruyen (mr.baileys)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Alexander Varwijk (kingdutch)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Robert Ragas (robertragas)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison (greggles)"
            }
          ],
          "datePublic": "2025-06-25T18:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.\u003cp\u003eThis issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13.\u003c/p\u003e"
                }
              ],
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-62",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-62 Cross Site Request Forgery"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-26T13:32:44.948Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2025-079"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Social - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-079",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2025-48921",
        "datePublished": "2025-06-26T13:32:44.948Z",
        "dateReserved": "2025-05-28T14:59:40.501Z",
        "dateUpdated": "2025-06-26T17:46:14.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-31686 (GCVE-0-2025-31686)

    Vulnerability from nvd – Published: 2025-03-31 21:44 – Updated: 2025-04-29 15:29
    VLAI
    Title
    Open Social - Less critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-015
    Summary
    Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Open Social Affected: 0.0.0 , < 12.3.11 (semver)
    Affected: 12.4.0 , < 12.4.10 (semver)
    Create a notification for this product.
    Date Public
    2025-02-12 17:37
    Credits
    Robert Ragas (robertragas) zanvidmar Denis Kolmerschlag (uber_denis) zanvidmar Greg Knaddison (greggles)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31686",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T15:28:34.342108Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T15:29:04.156Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/social",
              "defaultStatus": "unaffected",
              "product": "Open Social",
              "repo": "https://git.drupalcode.org/project/social",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "12.3.11",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.10",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Robert Ragas (robertragas)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "zanvidmar"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Denis Kolmerschlag (uber_denis)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "zanvidmar"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison (greggles)"
            }
          ],
          "datePublic": "2025-02-12T17:37:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.\u003cp\u003eThis issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-87",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-87 Forceful Browsing"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T21:44:08.763Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2025-015"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Social - Less critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-015",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2025-31686",
        "datePublished": "2025-03-31T21:44:08.763Z",
        "dateReserved": "2025-03-31T21:30:15.360Z",
        "dateUpdated": "2025-04-29T15:29:04.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-31685 (GCVE-0-2025-31685)

    Vulnerability from nvd – Published: 2025-03-31 21:43 – Updated: 2025-04-29 15:31
    VLAI
    Title
    Open Social - Moderately critical - Access bypass - SA-CONTRIB-2025-014
    Summary
    Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Open Social Affected: 0.0.0 , < 12.3.11 (semver)
    Affected: 12.4.0 , < 12.4.10 (semver)
    Create a notification for this product.
    Date Public
    2025-02-12 17:37
    Credits
    Robert Ragas (robertragas) zanvidmar Denis Kolmerschlag (uber_denis) zanvidmar Greg Knaddison (greggles)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31685",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T15:29:45.781392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T15:31:06.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/social",
              "defaultStatus": "unaffected",
              "product": "Open Social",
              "repo": "https://git.drupalcode.org/project/social",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "12.3.11",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.10",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Robert Ragas (robertragas)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "zanvidmar"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Denis Kolmerschlag (uber_denis)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "zanvidmar"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison (greggles)"
            }
          ],
          "datePublic": "2025-02-12T17:37:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.\u003cp\u003eThis issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-87",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-87 Forceful Browsing"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T21:43:27.662Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2025-014"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Social - Moderately critical - Access bypass - SA-CONTRIB-2025-014",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2025-31685",
        "datePublished": "2025-03-31T21:43:27.662Z",
        "dateReserved": "2025-03-31T21:30:15.360Z",
        "dateUpdated": "2025-04-29T15:31:06.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-13312 (GCVE-0-2024-13312)

    Vulnerability from nvd – Published: 2025-01-09 20:28 – Updated: 2025-01-31 15:50
    VLAI
    Title
    Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-076
    Summary
    Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Open Social Affected: 11.8.0 , < 12.3.10 (semver)
    Affected: 12.4.0 , < 12.4.9 (semver)
    Create a notification for this product.
    Date Public
    2024-12-11 16:53
    Credits
    corn696 corn696 Robert Ragas Greg Knaddison
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13312",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T15:50:32.397333Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T15:50:36.016Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/social",
              "defaultStatus": "unaffected",
              "product": "Open Social",
              "repo": "https://git.drupalcode.org/project/social",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "12.3.10",
                  "status": "affected",
                  "version": "11.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.9",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "corn696"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "corn696"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Robert Ragas"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison"
            }
          ],
          "datePublic": "2024-12-11T16:53:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.\u003cp\u003eThis issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-87",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-87 Forceful Browsing"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-09T20:28:53.431Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2024-076"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-076",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2024-13312",
        "datePublished": "2025-01-09T20:28:53.431Z",
        "dateReserved": "2025-01-09T20:26:30.623Z",
        "dateUpdated": "2025-01-31T15:50:36.016Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-13274 (GCVE-0-2024-13274)

    Vulnerability from nvd – Published: 2025-01-09 19:27 – Updated: 2025-01-14 17:08
    VLAI
    Title
    Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038
    Summary
    Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-799 - Improper Control of Interaction Frequency
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Open Social Affected: 0.0.0 , < 12.3.8 (semver)
    Affected: 12.4.0 , < 12.4.5 (semver)
    Create a notification for this product.
    Date Public
    2024-09-04 16:20
    Credits
    vnech Ronald te Brake vnech Greg Knaddison Juraj Nemec Heine Deelstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13274",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T17:08:00.440414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T17:08:25.046Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/social",
              "defaultStatus": "unaffected",
              "product": "Open Social",
              "repo": "https://git.drupalcode.org/project/social",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "12.3.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.5",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "vnech"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Ronald te Brake"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "vnech"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Juraj Nemec"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Heine Deelstra"
            }
          ],
          "datePublic": "2024-09-04T16:20:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.\u003cp\u003eThis issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5.\u003c/p\u003e"
                }
              ],
              "value": "Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-212",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-212 Functionality Misuse"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-799",
                  "description": "CWE-799 Improper Control of Interaction Frequency",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-09T19:27:04.989Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2024-038"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2024-13274",
        "datePublished": "2025-01-09T19:27:04.989Z",
        "dateReserved": "2025-01-09T18:28:09.371Z",
        "dateUpdated": "2025-01-14T17:08:25.046Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-13273 (GCVE-0-2024-13273)

    Vulnerability from nvd – Published: 2025-01-09 19:26 – Updated: 2025-01-09 21:11
    VLAI
    Title
    Open Social - Moderately critical - Cross Site Scripting, Denial of Service - SA-CONTRIB-2024-037
    Summary
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Open Social Affected: 0.0.0 , < 12.3.8 (semver)
    Affected: 12.4.0 , < 12.4.5 (semver)
    Create a notification for this product.
    Date Public
    2024-09-04 16:15
    Credits
    Thiago Régis Thiago Régis Ronald te Brake Greg Knaddison Juraj Nemec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13273",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-09T20:53:38.789963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-09T21:11:27.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/social",
              "defaultStatus": "unaffected",
              "product": "Open Social",
              "repo": "https://git.drupalcode.org/project/social",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "12.3.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.5",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thiago R\u00e9gis"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Thiago R\u00e9gis"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Ronald te Brake"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Juraj Nemec"
            }
          ],
          "datePublic": "2024-09-04T16:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-09T19:26:21.730Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2024-037"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Social - Moderately critical - Cross Site Scripting, Denial of Service - SA-CONTRIB-2024-037",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2024-13273",
        "datePublished": "2025-01-09T19:26:21.730Z",
        "dateReserved": "2025-01-09T18:28:08.407Z",
        "dateUpdated": "2025-01-09T21:11:27.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-13241 (GCVE-0-2024-13241)

    Vulnerability from nvd – Published: 2025-01-09 18:47 – Updated: 2025-01-10 17:14
    VLAI
    Title
    Open Social - Moderately critical - Information Disclosure - SA-CONTRIB-2024-005
    Summary
    Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Open Social Affected: 0.0.0 , < 12.0.5 (semver)
    Create a notification for this product.
    Date Public
    2024-01-24 15:47
    Credits
    Taras Kruts SV Taras Kruts Ronald te Brake Damien McKenna Greg Knaddison
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13241",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-10T17:13:55.574284Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-10T17:14:22.344Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/social",
              "defaultStatus": "unaffected",
              "product": "Open Social",
              "repo": "https://git.drupalcode.org/project/social",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "12.0.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Taras Kruts"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "SV"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Taras Kruts"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Ronald te Brake"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Damien McKenna"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison"
            }
          ],
          "datePublic": "2024-01-24T15:47:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.\u003cp\u003eThis issue affects Open Social: from 0.0.0 before 12.0.5.\u003c/p\u003e"
                }
              ],
              "value": "Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-150",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-150 Collect Data from Common Resource Locations"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-09T18:47:46.096Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2024-005"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Social - Moderately critical - Information Disclosure - SA-CONTRIB-2024-005",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2024-13241",
        "datePublished": "2025-01-09T18:47:46.096Z",
        "dateReserved": "2025-01-09T18:27:02.142Z",
        "dateUpdated": "2025-01-10T17:14:22.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-13240 (GCVE-0-2024-13240)

    Vulnerability from nvd – Published: 2025-01-09 18:46 – Updated: 2025-01-10 17:16
    VLAI
    Title
    Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-004
    Summary
    Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Open Social Affected: 0.0.0 , < 12.05 (semver)
    Create a notification for this product.
    Date Public
    2024-01-24 15:45
    Credits
    Corn696 Corn696 Tiago Siqueira Robert Ragas Damien McKenna Greg Knaddison
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13240",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-10T17:14:59.141327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-10T17:16:11.166Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/social",
              "defaultStatus": "unaffected",
              "product": "Open Social",
              "repo": "https://git.drupalcode.org/project/social",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "12.05",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Corn696"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Corn696"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Tiago Siqueira"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Robert Ragas"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Damien McKenna"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison"
            }
          ],
          "datePublic": "2024-01-24T15:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.\u003cp\u003eThis issue affects Open Social: from 0.0.0 before 12.05.\u003c/p\u003e"
                }
              ],
              "value": "Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-150",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-150 Collect Data from Common Resource Locations"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-09T18:46:57.503Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2024-004"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-004",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2024-13240",
        "datePublished": "2025-01-09T18:46:57.503Z",
        "dateReserved": "2025-01-09T18:27:00.742Z",
        "dateUpdated": "2025-01-10T17:16:11.166Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-48921 (GCVE-0-2025-48921)

    Vulnerability from cvelistv5 – Published: 2025-06-26 13:32 – Updated: 2025-06-26 17:46
    VLAI
    Title
    Open Social - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-079
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Open Social Affected: 0.0.0 , < 12.3.14 (semver)
    Affected: 12.4.0 , < 12.4.13 (semver)
    Create a notification for this product.
    Date Public
    2025-06-25 18:41
    Credits
    Ivo Van Geertruyen (mr.baileys) Alexander Varwijk (kingdutch) Robert Ragas (robertragas) Greg Knaddison (greggles)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-48921",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-26T17:46:07.545071Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-26T17:46:14.613Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/social",
              "defaultStatus": "unaffected",
              "product": "Open Social",
              "repo": "https://git.drupalcode.org/project/social",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "12.3.14",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.13",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ivo  Van Geertruyen (mr.baileys)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Alexander Varwijk (kingdutch)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Robert Ragas (robertragas)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison (greggles)"
            }
          ],
          "datePublic": "2025-06-25T18:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.\u003cp\u003eThis issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13.\u003c/p\u003e"
                }
              ],
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-62",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-62 Cross Site Request Forgery"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-26T13:32:44.948Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2025-079"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Social - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-079",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2025-48921",
        "datePublished": "2025-06-26T13:32:44.948Z",
        "dateReserved": "2025-05-28T14:59:40.501Z",
        "dateUpdated": "2025-06-26T17:46:14.613Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-31686 (GCVE-0-2025-31686)

    Vulnerability from cvelistv5 – Published: 2025-03-31 21:44 – Updated: 2025-04-29 15:29
    VLAI
    Title
    Open Social - Less critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-015
    Summary
    Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Open Social Affected: 0.0.0 , < 12.3.11 (semver)
    Affected: 12.4.0 , < 12.4.10 (semver)
    Create a notification for this product.
    Date Public
    2025-02-12 17:37
    Credits
    Robert Ragas (robertragas) zanvidmar Denis Kolmerschlag (uber_denis) zanvidmar Greg Knaddison (greggles)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31686",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T15:28:34.342108Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T15:29:04.156Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/social",
              "defaultStatus": "unaffected",
              "product": "Open Social",
              "repo": "https://git.drupalcode.org/project/social",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "12.3.11",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.10",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Robert Ragas (robertragas)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "zanvidmar"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Denis Kolmerschlag (uber_denis)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "zanvidmar"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison (greggles)"
            }
          ],
          "datePublic": "2025-02-12T17:37:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.\u003cp\u003eThis issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-87",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-87 Forceful Browsing"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T21:44:08.763Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2025-015"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Social - Less critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-015",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2025-31686",
        "datePublished": "2025-03-31T21:44:08.763Z",
        "dateReserved": "2025-03-31T21:30:15.360Z",
        "dateUpdated": "2025-04-29T15:29:04.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-31685 (GCVE-0-2025-31685)

    Vulnerability from cvelistv5 – Published: 2025-03-31 21:43 – Updated: 2025-04-29 15:31
    VLAI
    Title
    Open Social - Moderately critical - Access bypass - SA-CONTRIB-2025-014
    Summary
    Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Open Social Affected: 0.0.0 , < 12.3.11 (semver)
    Affected: 12.4.0 , < 12.4.10 (semver)
    Create a notification for this product.
    Date Public
    2025-02-12 17:37
    Credits
    Robert Ragas (robertragas) zanvidmar Denis Kolmerschlag (uber_denis) zanvidmar Greg Knaddison (greggles)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-31685",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T15:29:45.781392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T15:31:06.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/social",
              "defaultStatus": "unaffected",
              "product": "Open Social",
              "repo": "https://git.drupalcode.org/project/social",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "12.3.11",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.10",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Robert Ragas (robertragas)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "zanvidmar"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Denis Kolmerschlag (uber_denis)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "zanvidmar"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison (greggles)"
            }
          ],
          "datePublic": "2025-02-12T17:37:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.\u003cp\u003eThis issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-87",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-87 Forceful Browsing"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-31T21:43:27.662Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2025-014"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Social - Moderately critical - Access bypass - SA-CONTRIB-2025-014",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2025-31685",
        "datePublished": "2025-03-31T21:43:27.662Z",
        "dateReserved": "2025-03-31T21:30:15.360Z",
        "dateUpdated": "2025-04-29T15:31:06.666Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-13312 (GCVE-0-2024-13312)

    Vulnerability from cvelistv5 – Published: 2025-01-09 20:28 – Updated: 2025-01-31 15:50
    VLAI
    Title
    Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-076
    Summary
    Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Open Social Affected: 11.8.0 , < 12.3.10 (semver)
    Affected: 12.4.0 , < 12.4.9 (semver)
    Create a notification for this product.
    Date Public
    2024-12-11 16:53
    Credits
    corn696 corn696 Robert Ragas Greg Knaddison
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13312",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T15:50:32.397333Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-31T15:50:36.016Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/social",
              "defaultStatus": "unaffected",
              "product": "Open Social",
              "repo": "https://git.drupalcode.org/project/social",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "12.3.10",
                  "status": "affected",
                  "version": "11.8.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.9",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "corn696"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "corn696"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Robert Ragas"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison"
            }
          ],
          "datePublic": "2024-12-11T16:53:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.\u003cp\u003eThis issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-87",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-87 Forceful Browsing"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-09T20:28:53.431Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2024-076"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-076",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2024-13312",
        "datePublished": "2025-01-09T20:28:53.431Z",
        "dateReserved": "2025-01-09T20:26:30.623Z",
        "dateUpdated": "2025-01-31T15:50:36.016Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-13274 (GCVE-0-2024-13274)

    Vulnerability from cvelistv5 – Published: 2025-01-09 19:27 – Updated: 2025-01-14 17:08
    VLAI
    Title
    Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038
    Summary
    Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-799 - Improper Control of Interaction Frequency
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Open Social Affected: 0.0.0 , < 12.3.8 (semver)
    Affected: 12.4.0 , < 12.4.5 (semver)
    Create a notification for this product.
    Date Public
    2024-09-04 16:20
    Credits
    vnech Ronald te Brake vnech Greg Knaddison Juraj Nemec Heine Deelstra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13274",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T17:08:00.440414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T17:08:25.046Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/social",
              "defaultStatus": "unaffected",
              "product": "Open Social",
              "repo": "https://git.drupalcode.org/project/social",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "12.3.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.5",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "vnech"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Ronald te Brake"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "vnech"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Juraj Nemec"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Heine Deelstra"
            }
          ],
          "datePublic": "2024-09-04T16:20:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.\u003cp\u003eThis issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5.\u003c/p\u003e"
                }
              ],
              "value": "Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-212",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-212 Functionality Misuse"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-799",
                  "description": "CWE-799 Improper Control of Interaction Frequency",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-09T19:27:04.989Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2024-038"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2024-13274",
        "datePublished": "2025-01-09T19:27:04.989Z",
        "dateReserved": "2025-01-09T18:28:09.371Z",
        "dateUpdated": "2025-01-14T17:08:25.046Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-13273 (GCVE-0-2024-13273)

    Vulnerability from cvelistv5 – Published: 2025-01-09 19:26 – Updated: 2025-01-09 21:11
    VLAI
    Title
    Open Social - Moderately critical - Cross Site Scripting, Denial of Service - SA-CONTRIB-2024-037
    Summary
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Open Social Affected: 0.0.0 , < 12.3.8 (semver)
    Affected: 12.4.0 , < 12.4.5 (semver)
    Create a notification for this product.
    Date Public
    2024-09-04 16:15
    Credits
    Thiago Régis Thiago Régis Ronald te Brake Greg Knaddison Juraj Nemec
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13273",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-09T20:53:38.789963Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-09T21:11:27.090Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/social",
              "defaultStatus": "unaffected",
              "product": "Open Social",
              "repo": "https://git.drupalcode.org/project/social",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "12.3.8",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "12.4.5",
                  "status": "affected",
                  "version": "12.4.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thiago R\u00e9gis"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Thiago R\u00e9gis"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Ronald te Brake"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Juraj Nemec"
            }
          ],
          "datePublic": "2024-09-04T16:15:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-63",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-63 Cross-Site Scripting (XSS)"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-09T19:26:21.730Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2024-037"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Social - Moderately critical - Cross Site Scripting, Denial of Service - SA-CONTRIB-2024-037",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2024-13273",
        "datePublished": "2025-01-09T19:26:21.730Z",
        "dateReserved": "2025-01-09T18:28:08.407Z",
        "dateUpdated": "2025-01-09T21:11:27.090Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-13241 (GCVE-0-2024-13241)

    Vulnerability from cvelistv5 – Published: 2025-01-09 18:47 – Updated: 2025-01-10 17:14
    VLAI
    Title
    Open Social - Moderately critical - Information Disclosure - SA-CONTRIB-2024-005
    Summary
    Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Open Social Affected: 0.0.0 , < 12.0.5 (semver)
    Create a notification for this product.
    Date Public
    2024-01-24 15:47
    Credits
    Taras Kruts SV Taras Kruts Ronald te Brake Damien McKenna Greg Knaddison
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13241",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-10T17:13:55.574284Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-10T17:14:22.344Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/social",
              "defaultStatus": "unaffected",
              "product": "Open Social",
              "repo": "https://git.drupalcode.org/project/social",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "12.0.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Taras Kruts"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "SV"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Taras Kruts"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Ronald te Brake"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Damien McKenna"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison"
            }
          ],
          "datePublic": "2024-01-24T15:47:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.\u003cp\u003eThis issue affects Open Social: from 0.0.0 before 12.0.5.\u003c/p\u003e"
                }
              ],
              "value": "Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-150",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-150 Collect Data from Common Resource Locations"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285 Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-09T18:47:46.096Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2024-005"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Social - Moderately critical - Information Disclosure - SA-CONTRIB-2024-005",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2024-13241",
        "datePublished": "2025-01-09T18:47:46.096Z",
        "dateReserved": "2025-01-09T18:27:02.142Z",
        "dateUpdated": "2025-01-10T17:14:22.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-13240 (GCVE-0-2024-13240)

    Vulnerability from cvelistv5 – Published: 2025-01-09 18:46 – Updated: 2025-01-10 17:16
    VLAI
    Title
    Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-004
    Summary
    Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Drupal Open Social Affected: 0.0.0 , < 12.05 (semver)
    Create a notification for this product.
    Date Public
    2024-01-24 15:45
    Credits
    Corn696 Corn696 Tiago Siqueira Robert Ragas Damien McKenna Greg Knaddison
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13240",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-10T17:14:59.141327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-10T17:16:11.166Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/social",
              "defaultStatus": "unaffected",
              "product": "Open Social",
              "repo": "https://git.drupalcode.org/project/social",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "12.05",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Corn696"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Corn696"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Tiago Siqueira"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Robert Ragas"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Damien McKenna"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison"
            }
          ],
          "datePublic": "2024-01-24T15:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.\u003cp\u003eThis issue affects Open Social: from 0.0.0 before 12.05.\u003c/p\u003e"
                }
              ],
              "value": "Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-150",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-150 Collect Data from Common Resource Locations"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-09T18:46:57.503Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2024-004"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-004",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2024-13240",
        "datePublished": "2025-01-09T18:46:57.503Z",
        "dateReserved": "2025-01-09T18:27:00.742Z",
        "dateUpdated": "2025-01-10T17:16:11.166Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }