Vulnerabilities > Janrain > RPX
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-07-25 | CVE-2012-2296 | Information Exposure vulnerability in Janrain RPX The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. | 5.0 |
2011-02-04 | CVE-2011-0771 | Improper Input Validation vulnerability in Janrain RPX 6.X1.3 The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login provider site. | 6.8 |