CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2015-5513
https://notcve.org/view.php?id=CVE-2015-5513
18 Aug 2015 — Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML via unspecified vectors related to a login link. Vulnerabilidad de XSS en el módulo de autenticación Shibboleth 6.x-4.x en versiones anteriores a 6.x-4.2 y 7.x-4.x en versiones anteriores a 7.x-4.2 para Drupal, permite a usuarios remotos autenticados con lo... • http://www.openwall.com/lists/oss-security/2015/07/04/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3375
https://notcve.org/view.php?id=CVE-2015-3375
21 Apr 2015 — Cross-site request forgery (CSRF) vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete user role matching rules via unspecified vectors. Vulnerabilidad de CSRF en el módulo Shibboleth Authentication anterior a 6.x-4.1 y 7.x-4.x anterior a 7.x-4.1 para Drupal permite a atacantes remotos secuestrar la autenticación de administradores para solicitudes que elimina... • http://www.openwall.com/lists/oss-security/2015/01/29/6 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2012-4494
https://notcve.org/view.php?id=CVE-2012-4494
31 Oct 2012 — The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in. El módulo de autenticación Shibboleth v7.x-4.0 para Drupal no comprueba correctamente la condición activa de los usuarios, lo que permite a usuarios remotos bloqueados eludir las restricciones de acceso y posiblemente tener otro impacto por el acceso. • http://drupal.org/node/1493244 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 18EXPL: 0CVE-2009-4527
https://notcve.org/view.php?id=CVE-2009-4527
31 Dec 2009 — The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, which allows physically proximate attackers to gain privileges by using an unattended web browser. El módulo de autenticación Shibboleth v5.x anterior a v5.x-3.4 y v6.x anterior a v6.x-3.2, un módulo para Drupal, no elimina adecuadamente los privilegios otorgados estáticamente después un cierre de sesión u otro cam... • http://drupal.org/node/604488 • CWE-264: Permissions, Privileges, and Access Controls •