Description

The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 for Drupal does not properly implement access checks, which allows remote attackers with "access content" permissions to bypass restrictions and modify the node hierarchy via unspecified attack vectors.

Remediation

References

CVE-2008-2771

Related Vulnerabilities

WordPress Plugin WP Easy Gallery 'select_gallery' Parameter Cross-Site Scripting (1.7)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-10909)

WordPress Plugin Reviews Plus Denial of Service (1.2.13)

WordPress Plugin BetterOptin Cross-Site Scripting (1.2.4)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4863)

Severity

Medium

Classification

CVE-2008-2771 CWE-264

Tags

Missing Update Known Vulnerabilities