Vulnerabilities > Logintoboggan Project

DATE	CVE	VULNERABILITY TITLE	RISK
2014-12-10	CVE-2014-9364	Cross-Site Scripting vulnerability in Logintoboggan Project Logintoboggan Cross-site scripting (XSS) vulnerability in the Unified Login form in the LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network logintoboggan-project CWE-79	4.3
2014-12-10	CVE-2014-9361	Information Exposure vulnerability in Logintoboggan Project Logintoboggan The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found (404) page. network logintoboggan-project CWE-200	4.3

Vulnerabilities > Logintoboggan Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Logintoboggan Project"}]}