Erikwebb : Security Vulnerabilities, CVEs,

CVE-2013-4274

Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer policies" permission to inject arbitrary web script or HTML via the "Password Expiration Warning" field to the admin/config/people/password_policy/add page.
Max CVSS
2.1
EPSS Score
0.10%
Published
2013-08-28
Updated
2013-08-29

CVE-2012-5552

The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password history checks."
Max CVSS
5.0
EPSS Score
0.47%
Published
2012-12-03
Updated
2013-07-20

CVE-2012-1633

Cross-site request forgery (CSRF) vulnerability in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote attackers to hijack the authentication of administrative users for requests that unblock a user.
Max CVSS
6.8
EPSS Score
0.56%
Published
2012-09-20
Updated
2017-04-29
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close