Search criteria
12 vulnerabilities found for views by views_project
FKIE_CVE-2015-5490
Vulnerability from fkie_nvd - Published: 2015-08-18 17:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| views_project | views | 7.x-3.5 | |
| views_project | views | 7.x-3.6 | |
| views_project | views | 7.x-3.7 | |
| views_project | views | 7.x-3.8 | |
| views_project | views | 7.x-3.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.5:*:*:*:*:drupal:*:*",
"matchCriteriaId": "15890CE7-5208-4DD1-BCAC-2809091145D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.6:*:*:*:*:drupal:*:*",
"matchCriteriaId": "2D7AEF4E-57D4-4126-B013-0E9EA29F1875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.7:*:*:*:*:drupal:*:*",
"matchCriteriaId": "013171AE-1195-496C-AF2E-450DA98A2D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.8:*:*:*:*:drupal:*:*",
"matchCriteriaId": "F1D695A3-33F1-4E15-BA91-AF7A3C153D16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.10:*:*:*:*:drupal:*:*",
"matchCriteriaId": "17D783C7-6DC2-4113-BA1E-021162A302DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad en el m\u00e9todo _views_fetch_data en includes/cache.inc en el m\u00f3dulo Views 7.x-3.5 hasta 7.x-3.10 para Drupal, no reconstruye la cach\u00e9 completa si la cach\u00e9 est\u00e1tica no est\u00e1 vac\u00eda, lo que permite a atacantes remotos eludir los filtros previstos y obtener acceso a contenido oculto a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-5490",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-08-18T17:59:31.833",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cgit.drupalcode.org/views/commit/?id=cef693b"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74462"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.drupal.org/node/2475669"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2480259"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.drupal.org/node/2480327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cgit.drupalcode.org/views/commit/?id=cef693b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.drupal.org/node/2475669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2480259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.drupal.org/node/2480327"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3379
Vulnerability from fkie_nvd - Published: 2015-04-21 18:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| views_project | views | * | |
| views_project | views | 6.x-3.0 | |
| views_project | views | 6.x-3.0 | |
| views_project | views | 6.x-3.0 | |
| views_project | views | 6.x-3.0 | |
| views_project | views | 6.x-3.0 | |
| views_project | views | 6.x-3.0 | |
| views_project | views | 6.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.1 | |
| views_project | views | 7.x-3.2 | |
| views_project | views | 7.x-3.3 | |
| views_project | views | 7.x-3.4 | |
| views_project | views | 7.x-3.5 | |
| views_project | views | 7.x-3.6 | |
| views_project | views | 7.x-3.7 | |
| views_project | views | 7.x-3.8 | |
| views_project | views | 7.x-3.x |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:views_project:views:*:*:*:*:*:drupal:*:*",
"matchCriteriaId": "B55B9FFA-050B-494C-8CCF-64A58B30C636",
"versionEndIncluding": "6.x-2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:6.x-3.0:*:*:*:*:drupal:*:*",
"matchCriteriaId": "67DB3ABB-09F3-4488-80EB-ED4F2FC131B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:6.x-3.0:alpha1:*:*:*:drupal:*:*",
"matchCriteriaId": "24E2ABAF-D005-41C0-99D3-F912BE6393A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:6.x-3.0:alpha2:*:*:*:drupal:*:*",
"matchCriteriaId": "BADD153C-08A4-42D2-8BA5-46D86C3AE866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:6.x-3.0:alpha3:*:*:*:drupal:*:*",
"matchCriteriaId": "BF48BAA5-A710-43AC-88E5-0635DA155F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:6.x-3.0:alpha4:*:*:*:drupal:*:*",
"matchCriteriaId": "57466CFA-637A-46C8-BED7-380D4BF8A8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:6.x-3.0:rc2:*:*:*:drupal:*:*",
"matchCriteriaId": "4B211858-D225-4F38-9FC3-5AC21A39768D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:6.x-3.0:rc3:*:*:*:drupal:*:*",
"matchCriteriaId": "7A7DD15E-DD70-4EF0-94ED-16BF00F8B9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:*:*:*:*:drupal:*:*",
"matchCriteriaId": "104ACE80-30C2-41D6-8B97-A565577F3A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:alpha1:*:*:*:drupal:*:*",
"matchCriteriaId": "23C69C48-42D4-4997-B839-0B311211AC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:beta1:*:*:*:drupal:*:*",
"matchCriteriaId": "A5804FE9-A757-481C-B5D5-99B751CB66C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:beta2:*:*:*:drupal:*:*",
"matchCriteriaId": "1557CBA7-8570-49F0-B824-FC1AD31D00D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:beta3:*:*:*:drupal:*:*",
"matchCriteriaId": "78654B23-2A8D-48C0-A2BF-465540B9A828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:rc1:*:*:*:drupal:*:*",
"matchCriteriaId": "251A4DD3-FE81-436F-BDA8-292D9348E3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:rc3:*:*:*:drupal:*:*",
"matchCriteriaId": "7EA55CB0-60B4-4F7A-AD16-66C417D51ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.1:*:*:*:*:drupal:*:*",
"matchCriteriaId": "9ED1AC0A-7B86-4DFF-85B4-1B8F6A35E98D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.2:*:*:*:*:drupal:*:*",
"matchCriteriaId": "6FE79CAF-4353-4D40-8FF9-B71E27D701ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.3:*:*:*:*:drupal:*:*",
"matchCriteriaId": "3230372F-FC76-4E3C-BD76-76A6B58FDD97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.4:*:*:*:*:drupal:*:*",
"matchCriteriaId": "6872C0D0-D7EB-4B62-811B-704F445AC10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.5:*:*:*:*:drupal:*:*",
"matchCriteriaId": "15890CE7-5208-4DD1-BCAC-2809091145D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.6:*:*:*:*:drupal:*:*",
"matchCriteriaId": "2D7AEF4E-57D4-4126-B013-0E9EA29F1875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.7:*:*:*:*:drupal:*:*",
"matchCriteriaId": "013171AE-1195-496C-AF2E-450DA98A2D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.8:*:*:*:*:drupal:*:*",
"matchCriteriaId": "F1D695A3-33F1-4E15-BA91-AF7A3C153D16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.x:dev:*:*:*:drupal:*:*",
"matchCriteriaId": "216BEC38-653E-4CDD-A591-4C3DD0D96978",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors."
},
{
"lang": "es",
"value": "El m\u00f3dulo Views anterior a 6.x-2.18, 6.x-3.x anterior a 6.x-3.2, y 7.x-3.x anterior a 7.x-3.10 para Drupal no restringe correctamente el acceso a las configuraciones de visualizaciones por defecto, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-3379",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-21T18:59:01.327",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/02/13/12"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2424097"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2424101"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2424103"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.drupal.org/node/2424403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/02/13/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2424097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2424101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2424103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.drupal.org/node/2424403"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3378
Vulnerability from fkie_nvd - Published: 2015-04-21 18:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to the break lock page for edited views.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| views_project | views | * | |
| views_project | views | 6.x-3.0 | |
| views_project | views | 6.x-3.0 | |
| views_project | views | 6.x-3.0 | |
| views_project | views | 6.x-3.0 | |
| views_project | views | 6.x-3.0 | |
| views_project | views | 6.x-3.0 | |
| views_project | views | 6.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.1 | |
| views_project | views | 7.x-3.2 | |
| views_project | views | 7.x-3.3 | |
| views_project | views | 7.x-3.4 | |
| views_project | views | 7.x-3.5 | |
| views_project | views | 7.x-3.6 | |
| views_project | views | 7.x-3.7 | |
| views_project | views | 7.x-3.8 | |
| views_project | views | 7.x-3.x |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:views_project:views:*:*:*:*:*:drupal:*:*",
"matchCriteriaId": "B55B9FFA-050B-494C-8CCF-64A58B30C636",
"versionEndIncluding": "6.x-2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:6.x-3.0:*:*:*:*:drupal:*:*",
"matchCriteriaId": "67DB3ABB-09F3-4488-80EB-ED4F2FC131B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:6.x-3.0:alpha1:*:*:*:drupal:*:*",
"matchCriteriaId": "24E2ABAF-D005-41C0-99D3-F912BE6393A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:6.x-3.0:alpha2:*:*:*:drupal:*:*",
"matchCriteriaId": "BADD153C-08A4-42D2-8BA5-46D86C3AE866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:6.x-3.0:alpha3:*:*:*:drupal:*:*",
"matchCriteriaId": "BF48BAA5-A710-43AC-88E5-0635DA155F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:6.x-3.0:alpha4:*:*:*:drupal:*:*",
"matchCriteriaId": "57466CFA-637A-46C8-BED7-380D4BF8A8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:6.x-3.0:rc2:*:*:*:drupal:*:*",
"matchCriteriaId": "4B211858-D225-4F38-9FC3-5AC21A39768D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:6.x-3.0:rc3:*:*:*:drupal:*:*",
"matchCriteriaId": "7A7DD15E-DD70-4EF0-94ED-16BF00F8B9C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:*:*:*:*:drupal:*:*",
"matchCriteriaId": "104ACE80-30C2-41D6-8B97-A565577F3A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:alpha1:*:*:*:drupal:*:*",
"matchCriteriaId": "23C69C48-42D4-4997-B839-0B311211AC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:beta1:*:*:*:drupal:*:*",
"matchCriteriaId": "A5804FE9-A757-481C-B5D5-99B751CB66C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:beta2:*:*:*:drupal:*:*",
"matchCriteriaId": "1557CBA7-8570-49F0-B824-FC1AD31D00D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:beta3:*:*:*:drupal:*:*",
"matchCriteriaId": "78654B23-2A8D-48C0-A2BF-465540B9A828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:rc1:*:*:*:drupal:*:*",
"matchCriteriaId": "251A4DD3-FE81-436F-BDA8-292D9348E3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:rc3:*:*:*:drupal:*:*",
"matchCriteriaId": "7EA55CB0-60B4-4F7A-AD16-66C417D51ABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.1:*:*:*:*:drupal:*:*",
"matchCriteriaId": "9ED1AC0A-7B86-4DFF-85B4-1B8F6A35E98D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.2:*:*:*:*:drupal:*:*",
"matchCriteriaId": "6FE79CAF-4353-4D40-8FF9-B71E27D701ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.3:*:*:*:*:drupal:*:*",
"matchCriteriaId": "3230372F-FC76-4E3C-BD76-76A6B58FDD97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.4:*:*:*:*:drupal:*:*",
"matchCriteriaId": "6872C0D0-D7EB-4B62-811B-704F445AC10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.5:*:*:*:*:drupal:*:*",
"matchCriteriaId": "15890CE7-5208-4DD1-BCAC-2809091145D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.6:*:*:*:*:drupal:*:*",
"matchCriteriaId": "2D7AEF4E-57D4-4126-B013-0E9EA29F1875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.7:*:*:*:*:drupal:*:*",
"matchCriteriaId": "013171AE-1195-496C-AF2E-450DA98A2D60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.8:*:*:*:*:drupal:*:*",
"matchCriteriaId": "F1D695A3-33F1-4E15-BA91-AF7A3C153D16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.x:dev:*:*:*:drupal:*:*",
"matchCriteriaId": "216BEC38-653E-4CDD-A591-4C3DD0D96978",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to the break lock page for edited views."
},
{
"lang": "es",
"value": "Vulnerabilidad de la redirecci\u00f3n abierta en el m\u00f3dulo Views anterior a 6.x-2.18, 6.x-3.x anterior a 6.x-3.2, y 7.x-3.x anterior a 7.x-3.10 para Drupal, cuando el subm\u00f3dulo Views UI est\u00e1 habilitado, permite a usuarios remotos autenticados redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a trav\u00e9s de vectores relacionados con la p\u00e1gina de interrupci\u00f3n del bloqueo para visualizaciones editadas."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e",
"id": "CVE-2015-3378",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-21T18:59:00.110",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/02/13/12"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/72590"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2424097"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2424101"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2424103"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.drupal.org/node/2424403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/02/13/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/72590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2424097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2424101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://www.drupal.org/node/2424103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.drupal.org/node/2424403"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-1887
Vulnerability from fkie_nvd - Published: 2013-03-27 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.0 | |
| views_project | views | 7.x-3.1 | |
| views_project | views | 7.x-3.2 | |
| views_project | views | 7.x-3.3 | |
| views_project | views | 7.x-3.4 | |
| views_project | views | 7.x-3.5 | |
| views_project | views | 7.x-3.x | |
| drupal | drupal | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4DD5CD4-BE1E-4CD0-8154-E71F194EC21C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "575313F3-ADA8-409F-A46F-DFD851B157E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "66F77966-456C-42A4-ADBB-FA220214FB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B7B59C40-649C-40DD-A09F-CA3EA51291D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "59EED1F0-CF33-4F87-A51E-B30F2C025FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B409004F-1282-4AB6-8455-CB2095A45C10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FFF9294-F089-4D34-8C35-974132F22B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "568E9296-C2AD-4D80-9327-F9A0DCBB5917",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E087F61C-07A5-4037-A282-A460CBE616E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "50EB9D66-120E-426D-B3E9-1EAC8CB14D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA161F50-6EBD-4B3C-8BE7-AFB13B29A0CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "49A7C3D5-EDFA-4728-B84D-69C864351494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:views_project:views:7.x-3.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "6E62EF74-120B-4474-9660-22803BF41A6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el modulo Views v7.x-3.x anterior a v7.x-3.6 para Drupal permite a usuarios autenticados remotamente con algunos permisos inyectar secuencias de comandos web o HTML a trav\u00e9s de ciertos campos de la vista de configuraci\u00f3n."
}
],
"id": "CVE-2013-1887",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-03-27T23:55:01.047",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1948354"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1948358"
},
{
"source": "secalert@redhat.com",
"url": "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac"
},
{
"source": "secalert@redhat.com",
"url": "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2013/Mar/193"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51540"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/03/22/8"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/91576"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/58621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1948354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1948358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2013/Mar/193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/03/22/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/91576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58621"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-5490 (GCVE-0-2015-5490)
Vulnerability from cvelistv5 – Published: 2015-08-18 17:00 – Updated: 2024-08-06 06:50
VLAI?
Summary
The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2480327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2480259"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2475669"
},
{
"name": "74462",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74462"
},
{
"name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.drupalcode.org/views/commit/?id=cef693b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2480327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2480259"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2475669"
},
{
"name": "74462",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74462"
},
{
"name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.drupalcode.org/views/commit/?id=cef693b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2480327",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2480327"
},
{
"name": "https://www.drupal.org/node/2480259",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2480259"
},
{
"name": "https://www.drupal.org/node/2475669",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2475669"
},
{
"name": "74462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74462"
},
{
"name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"name": "http://cgit.drupalcode.org/views/commit/?id=cef693b",
"refsource": "CONFIRM",
"url": "http://cgit.drupalcode.org/views/commit/?id=cef693b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5490",
"datePublished": "2015-08-18T17:00:00",
"dateReserved": "2015-07-10T00:00:00",
"dateUpdated": "2024-08-06T06:50:02.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3379 (GCVE-0-2015-3379)
Vulnerability from cvelistv5 – Published: 2015-04-21 18:00 – Updated: 2024-09-16 17:19
VLAI?
Summary
The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2424403"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2424103"
},
{
"name": "[oss-security] 20150213 CVE requests for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/13/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2424101"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2424097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-21T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2424403"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2424103"
},
{
"name": "[oss-security] 20150213 CVE requests for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/13/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2424101"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2424097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2424403",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2424403"
},
{
"name": "https://www.drupal.org/node/2424103",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2424103"
},
{
"name": "[oss-security] 20150213 CVE requests for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/13/12"
},
{
"name": "https://www.drupal.org/node/2424101",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2424101"
},
{
"name": "https://www.drupal.org/node/2424097",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2424097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3379",
"datePublished": "2015-04-21T18:00:00Z",
"dateReserved": "2015-04-21T00:00:00Z",
"dateUpdated": "2024-09-16T17:19:11.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3378 (GCVE-0-2015-3378)
Vulnerability from cvelistv5 – Published: 2015-04-21 18:00 – Updated: 2024-08-06 05:47
VLAI?
Summary
Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to the break lock page for edited views.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2424403"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2424103"
},
{
"name": "[oss-security] 20150213 CVE requests for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/13/12"
},
{
"name": "72590",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72590"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2424101"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2424097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to the break lock page for edited views."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2424403"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2424103"
},
{
"name": "[oss-security] 20150213 CVE requests for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/13/12"
},
{
"name": "72590",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72590"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2424101"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2424097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to the break lock page for edited views."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2424403",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2424403"
},
{
"name": "https://www.drupal.org/node/2424103",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2424103"
},
{
"name": "[oss-security] 20150213 CVE requests for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/13/12"
},
{
"name": "72590",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72590"
},
{
"name": "https://www.drupal.org/node/2424101",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2424101"
},
{
"name": "https://www.drupal.org/node/2424097",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2424097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3378",
"datePublished": "2015-04-21T18:00:00",
"dateReserved": "2015-04-21T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1887 (GCVE-0-2013-1887)
Vulnerability from cvelistv5 – Published: 2013-03-27 23:00 – Updated: 2024-09-16 20:57
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:36.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51540"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1948358"
},
{
"name": "91576",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/91576"
},
{
"name": "[oss-security] 20130325 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/4"
},
{
"name": "20130320 [Security-news] SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Mar/193"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac"
},
{
"name": "[oss-security] 20130322 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/22/8"
},
{
"name": "58621",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58621"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1948354"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-27T23:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "51540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51540"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1948358"
},
{
"name": "91576",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/91576"
},
{
"name": "[oss-security] 20130325 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/4"
},
{
"name": "20130320 [Security-news] SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Mar/193"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac"
},
{
"name": "[oss-security] 20130322 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/22/8"
},
{
"name": "58621",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58621"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1948354"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51540",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51540"
},
{
"name": "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html"
},
{
"name": "http://drupal.org/node/1948358",
"refsource": "MISC",
"url": "http://drupal.org/node/1948358"
},
{
"name": "91576",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/91576"
},
{
"name": "[oss-security] 20130325 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/4"
},
{
"name": "20130320 [Security-news] SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Mar/193"
},
{
"name": "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac"
},
{
"name": "[oss-security] 20130322 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/22/8"
},
{
"name": "58621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58621"
},
{
"name": "http://drupal.org/node/1948354",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1948354"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1887",
"datePublished": "2013-03-27T23:00:00Z",
"dateReserved": "2013-02-19T00:00:00Z",
"dateUpdated": "2024-09-16T20:57:54.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-5490 (GCVE-0-2015-5490)
Vulnerability from nvd – Published: 2015-08-18 17:00 – Updated: 2024-08-06 06:50
VLAI?
Summary
The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2480327"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2480259"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2475669"
},
{
"name": "74462",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74462"
},
{
"name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cgit.drupalcode.org/views/commit/?id=cef693b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2480327"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2480259"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2475669"
},
{
"name": "74462",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74462"
},
{
"name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cgit.drupalcode.org/views/commit/?id=cef693b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attackers to bypass intended filters and obtain access to hidden content via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2480327",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2480327"
},
{
"name": "https://www.drupal.org/node/2480259",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2480259"
},
{
"name": "https://www.drupal.org/node/2475669",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2475669"
},
{
"name": "74462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74462"
},
{
"name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"name": "http://cgit.drupalcode.org/views/commit/?id=cef693b",
"refsource": "CONFIRM",
"url": "http://cgit.drupalcode.org/views/commit/?id=cef693b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5490",
"datePublished": "2015-08-18T17:00:00",
"dateReserved": "2015-07-10T00:00:00",
"dateUpdated": "2024-08-06T06:50:02.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3379 (GCVE-0-2015-3379)
Vulnerability from nvd – Published: 2015-04-21 18:00 – Updated: 2024-09-16 17:19
VLAI?
Summary
The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2424403"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2424103"
},
{
"name": "[oss-security] 20150213 CVE requests for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/13/12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2424101"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2424097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-21T18:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2424403"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2424103"
},
{
"name": "[oss-security] 20150213 CVE requests for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/13/12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2424101"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2424097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2424403",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2424403"
},
{
"name": "https://www.drupal.org/node/2424103",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2424103"
},
{
"name": "[oss-security] 20150213 CVE requests for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/13/12"
},
{
"name": "https://www.drupal.org/node/2424101",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2424101"
},
{
"name": "https://www.drupal.org/node/2424097",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2424097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3379",
"datePublished": "2015-04-21T18:00:00Z",
"dateReserved": "2015-04-21T00:00:00Z",
"dateUpdated": "2024-09-16T17:19:11.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3378 (GCVE-0-2015-3378)
Vulnerability from nvd – Published: 2015-04-21 18:00 – Updated: 2024-08-06 05:47
VLAI?
Summary
Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to the break lock page for edited views.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.406Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.drupal.org/node/2424403"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2424103"
},
{
"name": "[oss-security] 20150213 CVE requests for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/13/12"
},
{
"name": "72590",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72590"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2424101"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.drupal.org/node/2424097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to the break lock page for edited views."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.drupal.org/node/2424403"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2424103"
},
{
"name": "[oss-security] 20150213 CVE requests for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/02/13/12"
},
{
"name": "72590",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72590"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2424101"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.drupal.org/node/2424097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to the break lock page for edited views."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2424403",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2424403"
},
{
"name": "https://www.drupal.org/node/2424103",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2424103"
},
{
"name": "[oss-security] 20150213 CVE requests for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/02/13/12"
},
{
"name": "72590",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72590"
},
{
"name": "https://www.drupal.org/node/2424101",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2424101"
},
{
"name": "https://www.drupal.org/node/2424097",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2424097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3378",
"datePublished": "2015-04-21T18:00:00",
"dateReserved": "2015-04-21T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1887 (GCVE-0-2013-1887)
Vulnerability from nvd – Published: 2013-03-27 23:00 – Updated: 2024-09-16 20:57
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:36.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51540"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1948358"
},
{
"name": "91576",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/91576"
},
{
"name": "[oss-security] 20130325 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/4"
},
{
"name": "20130320 [Security-news] SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Mar/193"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac"
},
{
"name": "[oss-security] 20130322 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/22/8"
},
{
"name": "58621",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58621"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1948354"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-27T23:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "51540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51540"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1948358"
},
{
"name": "91576",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/91576"
},
{
"name": "[oss-security] 20130325 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/4"
},
{
"name": "20130320 [Security-news] SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Mar/193"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac"
},
{
"name": "[oss-security] 20130322 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/22/8"
},
{
"name": "58621",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58621"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1948354"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51540",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51540"
},
{
"name": "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/120892/Drupal-Views-7.x-Cross-Site-Scripting.html"
},
{
"name": "http://drupal.org/node/1948358",
"refsource": "MISC",
"url": "http://drupal.org/node/1948358"
},
{
"name": "91576",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/91576"
},
{
"name": "[oss-security] 20130325 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/25/4"
},
{
"name": "20130320 [Security-news] SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Mar/193"
},
{
"name": "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/views.git/commitdiff/ddf8181bd13f69ffbeeee14ae72168418785d7ac"
},
{
"name": "[oss-security] 20130322 Re: CVE Request -- drupal7-views : SA-CONTRIB-2013-035 - Views - Cross Site Scripting (XSS)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/22/8"
},
{
"name": "58621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58621"
},
{
"name": "http://drupal.org/node/1948354",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1948354"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1887",
"datePublished": "2013-03-27T23:00:00Z",
"dateReserved": "2013-02-19T00:00:00Z",
"dateUpdated": "2024-09-16T20:57:54.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}