Vulnerabilities > Acquia > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-03 | CVE-2017-1000489 | Improper Authentication vulnerability in multiple products Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address | 6.8 |
2018-01-03 | CVE-2017-1000488 | Cross-site Scripting vulnerability in multiple products Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form. | 4.3 |
2017-05-10 | CVE-2017-8874 | Cross-Site Request Forgery (CSRF) vulnerability in Acquia Mautic 1.4.1 Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts. | 6.8 |
2016-01-08 | CVE-2015-8754 | Permissions, Privileges, and Access Controls vulnerability in Acquia Mollom The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote attackers to bypass intended access restrictions and modify the mollom blacklist via unspecified vectors. | 5.0 |
2013-07-16 | CVE-2013-1908 | Permissions, Privileges, and Access Controls vulnerability in multiple products The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | 5.0 |
2013-07-16 | CVE-2013-1907 | Permissions, Privileges, and Access Controls vulnerability in Acquia Commons and Commons Group The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | 5.0 |
2012-10-31 | CVE-2012-4483 | Permissions, Privileges, and Access Controls vulnerability in Acquia Commons The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing. | 5.0 |