Drupal : Security Vulnerabilities, CVEs, Published In October 2016

CVE-2016-7572

The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.10%
Published
2016-10-03
Updated
2016-10-04

CVE-2016-7571

Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.
Max CVSS
6.1
EPSS Score
0.14%
Published
2016-10-03
Updated
2016-10-04

CVE-2016-7570

Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.
Max CVSS
4.3
EPSS Score
0.10%
Published
2016-10-03
Updated
2016-10-04
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close