Skip to main content

Password Policy

6 CVEs product

Monthly

CVE-2022-35931 LOW PATCH Monitor

Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Password Policy
NVD GitHub
CVSS 3.1
2.7
EPSS
0.4%
CVE-2015-4387 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

XSS Password Policy
NVD
CVSS 2.0
2.6
EPSS
0.3%
CVE-2013-4274 LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. Public exploit code available.

XSS Password Policy
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2012-5552 MEDIUM PATCH This Month

The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Password Policy
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-1633 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote attackers to hijack the authentication of administrative users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Password Policy
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2012-1632 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Password Policy
NVD
CVSS 2.0
2.1
EPSS
0.2%
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Password Policy
NVD GitHub
EPSS 0% CVSS 2.6
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable.

XSS Password Policy
NVD
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. Public exploit code available.

XSS Password Policy
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to "client-side password. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Password Policy
NVD
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote attackers to hijack the authentication of administrative users. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Password Policy
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

XSS Password Policy
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy