Unrated severityNVD Advisory· Published Jul 16, 2013· Updated Jun 16, 2026
CVE-2013-0245
CVE-2013-0245
Description
The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles and possibly node content via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
73cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*+ 72 more
- cpe:2.3:a:drupal:drupal:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:dev:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.10:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.11:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.12:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.13:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.14:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.15:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.16:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.17:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.18:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.19:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.20:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.21:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.22:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.23:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.24:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.25:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.26:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.27:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.6:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.7:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.8:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:6.9:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha3:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha4:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha5:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha6:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:alpha7:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:dev:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.10:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.11:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.12:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.13:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.14:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.15:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.16:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.17:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.18:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.7:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.8:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.9:*:*:*:*:*:*:*
- cpe:2.3:a:drupal:drupal:7.x-dev:*:*:*:*:*:*:*
- (no CPE)range: 6.x <6.28, 7.x <7.19
Patches
Vulnerability mechanics
References
8- drupal.org/SA-CORE-2013-001nvdPatchVendor Advisory
- secunia.com/advisories/51717nvdVendor Advisory
- osvdb.org/89305nvd
- packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.htmlnvd
- seclists.org/fulldisclosure/2013/Jan/120nvd
- seclists.org/oss-sec/2013/q1/211nvd
- www.debian.org/security/2013/dsa-2776nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/81380nvd
News mentions
0No linked articles in our index yet.