Description

Drupal 6.x before 6.27 and 7.x before 7.18 displays information for blocked users, which might allow remote attackers to obtain sensitive information by reading the search results.

Remediation

References

CVE-2012-5651

Related Vulnerabilities

Apache HTTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-40898)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35463)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14750)

WordPress Plugin CKEditor for WordPress Cross-Site Scripting (4.5.3)

RubyGems Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-8324)

Severity

Medium

Classification

CVE-2012-5651 CWE-264

Tags

Missing Update Known Vulnerabilities