CVE-2012-2722

Name of the Vulnerable Software and Affected Versions Node Embed module versions 6.x-1.x before 6.x-1.5 Node Embed module versions 7.x-1.x before 7.x-1.0

Description The issue is related to the node selection interface in the WYSIWYG editor (CKEditor) of the Node Embed module for Drupal. It does not properly check permissions, allowing remote attackers to bypass intended access restrictions and read node titles.

Recommendations For Node Embed module versions 6.x-1.x before 6.x-1.5, update to version 6.x-1.5 or later. For Node Embed module versions 7.x-1.x before 7.x-1.0, update to version 7.x-1.0 or later.