All the vulnerabilities related to rik_de_boer - revisioning
cve-2012-1635
Vulnerability from cvelistv5
Published
2012-08-28 16:00
Modified
2024-09-16 19:01
Summary
The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content.
References
URL | Tags | |
---|---|---|
http://drupal.org/node/1407456 | x_refsource_CONFIRM | |
https://drupal.org/node/1409268 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2012/04/07/1 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:01:02.848Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/1407456" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://drupal.org/node/1409268" }, { "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-08-28T16:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/1407456" }, { "tags": [ "x_refsource_MISC" ], "url": "https://drupal.org/node/1409268" }, { "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1635", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://drupal.org/node/1407456", "refsource": "CONFIRM", "url": "http://drupal.org/node/1407456" }, { "name": "https://drupal.org/node/1409268", "refsource": "MISC", "url": "https://drupal.org/node/1409268" }, { "name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1635", "datePublished": "2012-08-28T16:00:00Z", "dateReserved": "2012-03-12T00:00:00Z", "dateUpdated": "2024-09-16T19:01:39.028Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-1060
Vulnerability from cvelistv5
Published
2012-02-14 00:00
Modified
2024-09-16 19:24
Summary
Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) tags or (2) term parameters.
References
URL | Tags | |
---|---|---|
http://drupalcode.org/project/revisioning.git/commit/768c882 | x_refsource_CONFIRM | |
http://www.madirish.net/content/drupal-revisioning-6x-313-xss-vulnerability | x_refsource_MISC | |
http://secunia.com/advisories/47931 | third-party-advisory, x_refsource_SECUNIA | |
http://drupal.org/node/1433550 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/51923 | vdb-entry, x_refsource_BID | |
http://drupal.org/node/1431114 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:45:27.124Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupalcode.org/project/revisioning.git/commit/768c882" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.madirish.net/content/drupal-revisioning-6x-313-xss-vulnerability" }, { "name": "47931", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47931" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/1433550" }, { "name": "51923", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/51923" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://drupal.org/node/1431114" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) tags or (2) term parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-02-14T00:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupalcode.org/project/revisioning.git/commit/768c882" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.madirish.net/content/drupal-revisioning-6x-313-xss-vulnerability" }, { "name": "47931", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47931" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/1433550" }, { "name": "51923", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/51923" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://drupal.org/node/1431114" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1060", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) tags or (2) term parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://drupalcode.org/project/revisioning.git/commit/768c882", "refsource": "CONFIRM", "url": "http://drupalcode.org/project/revisioning.git/commit/768c882" }, { "name": "http://www.madirish.net/content/drupal-revisioning-6x-313-xss-vulnerability", "refsource": "MISC", "url": "http://www.madirish.net/content/drupal-revisioning-6x-313-xss-vulnerability" }, { "name": "47931", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47931" }, { "name": "http://drupal.org/node/1433550", "refsource": "CONFIRM", "url": "http://drupal.org/node/1433550" }, { "name": "51923", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51923" }, { "name": "http://drupal.org/node/1431114", "refsource": "CONFIRM", "url": "http://drupal.org/node/1431114" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1060", "datePublished": "2012-02-14T00:00:00Z", "dateReserved": "2012-02-13T00:00:00Z", "dateUpdated": "2024-09-16T19:24:24.550Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4597
Vulnerability from cvelistv5
Published
2014-06-09 19:00
Modified
2024-08-06 16:52
Summary
The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
References
URL | Tags | |
---|---|---|
https://drupal.org/node/2135257 | x_refsource_MISC | |
http://seclists.org/oss-sec/2013/q4/317 | mailing-list, x_refsource_MLIST | |
https://drupal.org/node/2133555 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:52:26.607Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://drupal.org/node/2135257" }, { "name": "[oss-security] 20131118 Re: CVE request for Drupal contributed modules", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q4/317" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://drupal.org/node/2133555" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-06-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://drupal.org/node/2135257" }, { "name": "[oss-security] 20131118 Re: CVE request for Drupal contributed modules", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q4/317" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://drupal.org/node/2133555" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4597", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://drupal.org/node/2135257", "refsource": "MISC", "url": "https://drupal.org/node/2135257" }, { "name": "[oss-security] 20131118 Re: CVE request for Drupal contributed modules", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2013/q4/317" }, { "name": "https://drupal.org/node/2133555", "refsource": "CONFIRM", "url": "https://drupal.org/node/2133555" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4597", "datePublished": "2014-06-09T19:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:52:26.607Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2014-06-09 19:55
Modified
2024-11-21 01:55
Summary
The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
rik_de_boer | revisioning | 7.x-1.0 | |
rik_de_boer | revisioning | 7.x-1.0 (alpha1) | |
rik_de_boer | revisioning | 7.x-1.0 (alpha2) | |
rik_de_boer | revisioning | 7.x-1.0 (alpha3) | |
rik_de_boer | revisioning | 7.x-1.0 (alpha4) | |
rik_de_boer | revisioning | 7.x-1.0 (alpha5) | |
rik_de_boer | revisioning | 7.x-1.0 (beta1) | |
rik_de_boer | revisioning | 7.x-1.0 (beta10) | |
rik_de_boer | revisioning | 7.x-1.0 (beta11) | |
rik_de_boer | revisioning | 7.x-1.0 (beta2) | |
rik_de_boer | revisioning | 7.x-1.0 (beta3) | |
rik_de_boer | revisioning | 7.x-1.0 (beta4) | |
rik_de_boer | revisioning | 7.x-1.0 (beta5) | |
rik_de_boer | revisioning | 7.x-1.0 (beta6) | |
rik_de_boer | revisioning | 7.x-1.0 (beta7) | |
rik_de_boer | revisioning | 7.x-1.0 (beta8) | |
rik_de_boer | revisioning | 7.x-1.0 (beta9) | |
rik_de_boer | revisioning | 7.x-1.1 | |
rik_de_boer | revisioning | 7.x-1.2 | |
rik_de_boer | revisioning | 7.x-1.3 | |
rik_de_boer | revisioning | 7.x-1.4 | |
rik_de_boer | revisioning | 7.x-1.5 | |
rik_de_boer | revisioning | 7.x-1.x | |
rik_de_boer | revisioning | 7.x-1.x (dev) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF52E04C-FA27-4A40-8C65-E3195EFDDBAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "BB103093-A42E-42BF-99F6-87E7CFC8B202", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "B3FBBCE5-CBE9-44C2-968B-4AC9C3C9BEFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "5BB069EF-CF7C-4E09-A710-C3526E0439B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "39C15145-C442-4DB1-944D-8CAC20D475C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "F5499411-30C0-49AE-A86A-0CAE4776EEC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "050AE8CD-38A6-422F-BF37-91562EBA1753", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "2126DE43-B110-4091-BF89-89B19A65FFC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "39A44978-D60E-4BC8-8686-D37DB1A11E8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "88A49A47-BED7-4316-BDB0-B861AF4ACF1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "DFD9AD40-89F5-45AE-B4A5-090F39E510E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "BFCF6DBC-9791-424B-BC65-DC5C990F9C83", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "05AEB8FF-3D71-43F0-B315-B85A8088B45B", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "CE0BAD57-71F6-4D5C-B586-9BFF96A6538C", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "E7CD6834-3118-4609-8F30-3D539DE57F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B10F2925-F3D6-4221-8925-92D1DD9CA6F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "437992A2-01B5-4A8C-ABE5-3E7E575FA19F", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA56AC18-8534-4A52-8DA8-1295BD42FC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9F878269-B46B-4FF1-9064-8418878C3716", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3E3076D2-BA31-4F4C-875F-8A0B2042C2AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.4:*:*:*:*:*:*:*", "matchCriteriaId": "F28A0F7B-B742-4BB6-BDAA-44780760A4A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A1B00182-6B47-45E2-8724-3DE4F3CE6E71", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.x:*:*:*:*:*:*:*", "matchCriteriaId": "83906B05-3E19-4B71-994A-2EBCB8792074", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "3AEFC2CF-4875-45FC-836A-A7B273CDAE1F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Revisioning module 7.x-1.x before 
7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors." }, { "lang": "es", "value": "El m\u00f3dulo Revisioning 7.x-1.x anterior a 7.x-1.6 para Drupal no comprueba debidamente permisos de acceso a nodos para contenidos marcados como no publicados por el m\u00f3dulo Scheduled, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2013-4597", "lastModified": "2024-11-21T01:55:54.330", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-06-09T19:55:09.537", "references": [ { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q4/317" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://drupal.org/node/2133555" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://drupal.org/node/2135257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q4/317" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://drupal.org/node/2133555" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://drupal.org/node/2135257" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-02-14 00:55
Modified
2024-11-21 01:36
Summary
Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) tags or (2) term parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
rik_de_boer | revisioning | 6.x-3.13 | |
drupal | drupal | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:6.x-3.13:*:*:*:*:*:*:*", "matchCriteriaId": "578F8A5A-B503-42AF-B069-E4D70262FA23", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) tags or (2) term parameters." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en revisioning_theme.inc en el m\u00f3dulo Taxonomy en el m\u00f3dulo Revisioning v6.x-3.13 y otras versiones anteriores a v6.x-3.14 para Drupal permite a usuarios autenticados de forma remota tener ciertos privilegios para inyectar c\u00f3digo web script o HTML a trav\u00e9s de (1)tags o (2) par\u00e1metros term." 
} ], "id": "CVE-2012-1060", "lastModified": "2024-11-21T01:36:19.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-02-14T00:55:01.113", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://drupal.org/node/1431114" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://drupal.org/node/1433550" }, { "source": "cve@mitre.org", "url": "http://drupalcode.org/project/revisioning.git/commit/768c882" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/47931" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.madirish.net/content/drupal-revisioning-6x-313-xss-vulnerability" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/51923" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://drupal.org/node/1431114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://drupal.org/node/1433550" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://drupalcode.org/project/revisioning.git/commit/768c882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/47931" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": 
"http://www.madirish.net/content/drupal-revisioning-6x-313-xss-vulnerability" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/51923" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-08-28 17:55
Modified
2024-11-21 01:37
Summary
The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
rik_de_boer | revisioning | 7.x-1.0 | |
rik_de_boer | revisioning | 7.x-1.0 (alpha1) | |
rik_de_boer | revisioning | 7.x-1.0 (alpha2) | |
rik_de_boer | revisioning | 7.x-1.0 (alpha3) | |
rik_de_boer | revisioning | 7.x-1.0 (alpha4) | |
rik_de_boer | revisioning | 7.x-1.0 (alpha5) | |
rik_de_boer | revisioning | 7.x-1.0 (beta1) | |
rik_de_boer | revisioning | 7.x-1.0 (beta10) | |
rik_de_boer | revisioning | 7.x-1.0 (beta11) | |
rik_de_boer | revisioning | 7.x-1.0 (beta2) | |
rik_de_boer | revisioning | 7.x-1.0 (beta3) | |
rik_de_boer | revisioning | 7.x-1.0 (beta4) | |
rik_de_boer | revisioning | 7.x-1.0 (beta5) | |
rik_de_boer | revisioning | 7.x-1.0 (beta6) | |
rik_de_boer | revisioning | 7.x-1.0 (beta7) | |
rik_de_boer | revisioning | 7.x-1.0 (beta8) | |
rik_de_boer | revisioning | 7.x-1.0 (beta9) | |
rik_de_boer | revisioning | 7.x-1.1 | |
rik_de_boer | revisioning | 7.x-1.2 | |
rik_de_boer | revisioning | 7.x-1.x | |
rik_de_boer | revisioning | 7.x-1.x (dev) | |
drupal | drupal | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF52E04C-FA27-4A40-8C65-E3195EFDDBAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "BB103093-A42E-42BF-99F6-87E7CFC8B202", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "B3FBBCE5-CBE9-44C2-968B-4AC9C3C9BEFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "5BB069EF-CF7C-4E09-A710-C3526E0439B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "39C15145-C442-4DB1-944D-8CAC20D475C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "F5499411-30C0-49AE-A86A-0CAE4776EEC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "050AE8CD-38A6-422F-BF37-91562EBA1753", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta10:*:*:*:*:*:*", "matchCriteriaId": "2126DE43-B110-4091-BF89-89B19A65FFC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta11:*:*:*:*:*:*", "matchCriteriaId": "39A44978-D60E-4BC8-8686-D37DB1A11E8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "88A49A47-BED7-4316-BDB0-B861AF4ACF1A", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "DFD9AD40-89F5-45AE-B4A5-090F39E510E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "BFCF6DBC-9791-424B-BC65-DC5C990F9C83", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "05AEB8FF-3D71-43F0-B315-B85A8088B45B", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "CE0BAD57-71F6-4D5C-B586-9BFF96A6538C", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "E7CD6834-3118-4609-8F30-3D539DE57F12", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "B10F2925-F3D6-4221-8925-92D1DD9CA6F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.0:beta9:*:*:*:*:*:*", "matchCriteriaId": "437992A2-01B5-4A8C-ABE5-3E7E575FA19F", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.1:*:*:*:*:*:*:*", "matchCriteriaId": "CA56AC18-8534-4A52-8DA8-1295BD42FC77", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9F878269-B46B-4FF1-9064-8418878C3716", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.x:*:*:*:*:*:*:*", "matchCriteriaId": "83906B05-3E19-4B71-994A-2EBCB8792074", "vulnerable": true }, { "criteria": "cpe:2.3:a:rik_de_boer:revisioning:7.x-1.x:dev:*:*:*:*:*:*", "matchCriteriaId": "3AEFC2CF-4875-45FC-836A-A7B273CDAE1F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when 
using the XML sitemap module to obtain sensitive information about unpublished content." }, { "lang": "es", "value": "La funcion hook_node_access en el m\u00f3dulo revisioning v7.x-1.x anterior a v7.x-1.3 para Drupal comprueba los permisos del usuario actual, incluso cuando se le llama para comprobar los permisos de otros usuarios, lo que permite a atacantes remotos evitar las restricciones de acceso, como se demuestra cuando se utiliza el m\u00f3dulo XML Sitemap para obtener informaci\u00f3n sensible acerca del contenido publicado." } ], "id": "CVE-2012-1635", "lastModified": "2024-11-21T01:37:21.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-28T17:55:01.407", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://drupal.org/node/1407456" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://drupal.org/node/1409268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://drupal.org/node/1407456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/04/07/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://drupal.org/node/1409268" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }