DSA-3291-1 drupal7 -- drupal7ID: oval:org.secpod.oval:def:602149 | Date: (C)2015-06-23 (M)2022-09-22 |
Class: PATCH | Family: unix |
Several vulnerabilities were found in drupal7, a content management platform used to power websites. CVE-2015-3231 Incorrect cache handling made private content viewed by "user 1" exposed to other, non-privileged users. CVE-2015-3232 A flaw in the Field UI module made it possible for attackers to redirect users to malicious sites. CVE-2015-3233 Due to insufficient URL validation, the Overlay module could be used to redirect users to malicious sites. CVE-2015-3234 The OpenID module allowed an attacker to log in as other users, including administrators.
Platform: |
Debian 8.x |
Debian 7.x |