Vulnerabilities (CVE)

Filtered by vendor Niif Subscribe
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5513 1 Niif 1 Shibboleth Authentication 2024-11-21 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML via unspecified vectors related to a login link.
CVE-2015-3375 1 Niif 1 Shibboleth Authentication 2024-11-21 5.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete user role matching rules via unspecified vectors.
CVE-2012-4494 2 Drupal, Niif 2 Drupal, Shibb Auth 2024-11-21 4.3 MEDIUM N/A
The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in.
CVE-2009-4527 2 Drupal, Niif 2 Drupal, Shib Auth 2024-11-21 4.6 MEDIUM N/A
The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, which allows physically proximate attackers to gain privileges by using an unattended web browser.