Description

The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.

Remediation

References

CVE-2012-1590

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-35480)

WordPress Plugin Age Verify Cross-Site Scripting (0.2.8)

WordPress Plugin RegistrationMagic-User Registration with Custom Registration Forms Privilege Escalation (5.3.0.0)

GlassFish Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3314)

b2evolution Credentials Management Errors Vulnerability (CVE-2016-9479)

Severity

Medium

Classification

CVE-2012-1590 CWE-264

Tags

Missing Update Known Vulnerabilities