Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal Email Field模块跨站脚本漏洞和安全绕过漏洞
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal中的Email Field模块6.x-1.3之前的6.x-1.x版本中存在漏洞,该漏洞源于使用字段权限模块且字段联系字段格式器设置为全部或局部显示模式时,程序没有正确验证权限。通过未明向量,远程攻击者利用该漏洞用电子邮件发送存储地址。
CVSS Information
N/A
Vulnerability Type
N/A