RESTful Web Services Project RESTful Web Services 7.x-2.0 for Drupal

CPE Details

RESTful Web Services Project RESTful Web Services 7.x-2.0 for Drupal
restful_web_services_project
restful_web_services
7.x-2.0
2019-06-26
09h54 +00:00
2020-02-26
14h21 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:restful_web_services_project:restful_web_services:7.x-2.0:*:*:*:*:drupal:*:*

Informations

Vendor

restful_web_services_project

Product

restful_web_services

Version

7.x-2.0

Target Software

drupal

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-13255 2025-01-09 19h00 +00:00 Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10.
7.5
High
CVE-2013-4225 2020-02-11 19h19 +00:00 The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field.
8.8
High
CVE-2015-4345 2015-06-15 12h00 +00:00 The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
5
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.