1 results (0.008 seconds)

CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0

Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed. El modulo de Drupal, Comment RSS v5.x anteriores a v5.x-2.2 y v6.x anteriores a v6.x-2.2, no hace cumplir correctamente los permisos cuando un enlace se añade a un feed RSS, lo que permite a atacantes remotos obtener el titulo del nodo y posiblemente mas información sensible mediante la lectura del feed. • http://drupal.org/node/579280 http://drupal.org/node/579290 http://drupal.org/node/579292 http://secunia.com/advisories/36787 http://www.osvdb.org/58177 http://www.securityfocus.com/bid/36429 • CWE-264: Permissions, Privileges, and Access Controls •