Description

The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.

Remediation

References

CVE-2012-1590

Related Vulnerabilities

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Cross-Site Scripting (1.8.9.3)

Wordpress Plugin Backup Migration Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-36884)

WordPress Plugin My Chatbot Cross-Site Scripting (1.1)

Python Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-4616)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8120)

Severity

Medium

Classification

CVE-2012-1590 CWE-264

Tags

Missing Update Known Vulnerabilities