Published: 27/06/2012 Updated: 29/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x prior to 6.x-1.5 and 7.x-1.x prior to 7.x-1.0 for Drupal does not properly check permissions, which allows remote malicious users to bypass intended access restrictions and read node titles.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

scott_reynen node_embed 6.x-1.1

scott_reynen node_embed 6.x-1.2

scott_reynen node_embed 6.x-1.0

scott_reynen node_embed 7.x-1.0

scott_reynen node_embed 7.x-1.x

scott_reynen node_embed 6.x-1.3

scott_reynen node_embed 6.x-1.4