Description
The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.
Remediation
References
Related Vulnerabilities
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17301)
Django Resource Management Errors Vulnerability (CVE-2015-5145)
WordPress Plugin Ads in bottom right Multiple Vulnerabilities (1.0)
WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (4.0.1)
WordPress Plugin Events Manager Multiple Cross-Site Scripting Vulnerabilities (5.3.3)