Skip to main content

Entity Api

3 CVEs product

Monthly

CVE-2015-2197 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Entity Api
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-7391 MEDIUM PATCH This Month

The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Entity Api
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-4273 MEDIUM PATCH This Month

The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Entity Api
NVD
CVSS 2.0
4.0
EPSS
0.2%
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS Entity Api
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Entity Api
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Entity Api
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy