Description
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Users 'uid' Parameter SQL Injection (1.3)
WordPress Plugin Link Library Cross-Site Scripting (5.9.5.5)
WordPress Plugin SMTP Mail Cross-Site Scripting (1.3.1)
WordPress Plugin Coupon Tab for DirectoryPress Multiple Cross-Site Scripting Vulnerabilities (0.2.0)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17304)