RESTful Web Services Project RESTful Web Services 7.x-2.0 Alpha 4 for Drupal

CPE Details

RESTful Web Services Project RESTful Web Services 7.x-2.0 Alpha 4 for Drupal
restful_web_services_project
restful_web_services
7.x-2.0
2020-02-26
14h34 +00:00
2020-02-26
14h34 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-2.0:alpha4:*:*:*:drupal:*:*

Informations

Vendor

restful_web_services_project

Product

restful_web_services

Version

7.x-2.0

Update

alpha4

Target Software

drupal

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2013-4225 2020-02-11 19h19 +00:00 The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field.
8.8
Haute
CVE-2015-4345 2015-06-15 12h00 +00:00 The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
5
CVE-2013-1946 2014-04-06 14h00 +00:00 The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can "interfere with Drupal's page cache."
4.3