Klaus Purer

#11150of 53,638
24.7Total CVSS
Vulnerabilities · 4
Low
1
Medium
2
Critical
1
PT-2024-10128
5.5
2024-02-28
Drupal · Drupal Coffee · CVE-2024-13247
**Name of the Vulnerable Software and Affected Versions** Drupal Coffee versions 0.0.0 through 1.4.0 **Description** The issue is related to improper neutralization of input during web page generation, which allows Cross-Site Scripting (XSS). This can be exploited by a remote attacker to conduct a cross-site scripting attack. **Recommendations** For versions 0.0.0 through 1.4.0, update to a version 1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of exploitation.
PT-2022-8502
9.8
2022-02-11
Drupal · Drupal · CVE-2020-13675
**Name of the Vulnerable Software and Affected Versions** Drupal (affected versions not specified) **Description** The issue concerns the JSON:API and REST/File modules in Drupal, which allow file uploads through their HTTP APIs. However, these modules do not correctly run all file validation, leading to an access bypass issue. An attacker could potentially upload files that bypass the validation process implemented by other modules on the site. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2013-5475
2.6
2013-08-19
Drupal · Scald · CVE-2013-5315
**Name of the Vulnerable Software and Affected Versions** Scald module versions 6.x-1.x before 6.x-1.0-beta3 Scald module versions 7.x-1.x before 7.x-1.1 **Description** A cross-site scripting (XSS) issue exists in the Resource Manager of the MEE submodule in the Scald module for Drupal, allowing remote attackers to inject arbitrary web script or HTML via the `atom title`. **Recommendations** For Scald module version 6.x-1.x, update to version 6.x-1.0-beta3 or later. For Scald module version 7.x-1.x, update to version 7.x-1.1 or later.
PT-2013-3569
6.8
2013-07-01
Drupal · Drupal · CVE-2013-2158
**Name of the Vulnerable Software and Affected Versions** Drupal versions 6.x-3.x through 7.x-3.x before 7.x-3.4 **Description** A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack the authentication of victims via unknown vectors. **Recommendations** For versions 6.x-3.x through 7.x-3.x before 7.x-3.4, update to version 7.x-3.4 or later to resolve the issue.