CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13312 – Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-076
https://notcve.org/view.php?id=CVE-2024-13312
09 Jan 2025 — Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9. • https://www.drupal.org/sa-contrib-2024-076 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13274 – Open Social - Moderately critical - Denial of Service - SA-CONTRIB-2024-038
https://notcve.org/view.php?id=CVE-2024-13274
09 Jan 2025 — Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5. • https://www.drupal.org/sa-contrib-2024-038 • CWE-799: Improper Control of Interaction Frequency •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13273 – Open Social - Moderately critical - Cross Site Scripting, Denial of Service - SA-CONTRIB-2024-037
https://notcve.org/view.php?id=CVE-2024-13273
09 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11. • https://www.drupal.org/sa-contrib-2024-037 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13241 – Open Social - Moderately critical - Information Disclosure - SA-CONTRIB-2024-005
https://notcve.org/view.php?id=CVE-2024-13241
09 Jan 2025 — Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5. • https://www.drupal.org/sa-contrib-2024-005 • CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13240 – Open Social - Moderately critical - Access bypass - SA-CONTRIB-2024-004
https://notcve.org/view.php?id=CVE-2024-13240
09 Jan 2025 — Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05. • https://www.drupal.org/sa-contrib-2024-004 • CWE-284: Improper Access Control •