Description

Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.

Remediation

References

CVE-2014-2983

Related Vulnerabilities

WordPress Plugin Gravity Forms Salesforce Cross-Site Scripting (1.2.4)

Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2694)

Omeka Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-3982)

WordPress Plugin WP BASE Booking of Appointments, Services and Events PHP Object Injection (3.5.0)

WordPress Plugin Contact Form Email Cross-Site Scripting (1.1.49)

Severity

Medium

Classification

CVE-2014-2983 CWE-200

Tags

Missing Update Known Vulnerabilities