Restful Web Services Project: Security Vulnerabilities, CVEs, CVSS score >= 6
The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field.
Max CVSS: 8.8; EPSS Score: 0.50%; Published: 2020-02-11; Updated: 2023-02-13
Cross-site request forgery (CSRF) vulnerability in the RESTful Web Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before 7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.
Max CVSS: 6.8; EPSS Score: 0.11%; Published: 2013-03-19; Updated: 2021-11-10
Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors.
Max CVSS: 6.8; EPSS Score: 0.11%; Published: 2012-12-03; Updated: 2020-02-26
3 vulnerabilities found