VYPR

Linkit

by Drupal

CVEs (2)

  • CVE-2015-3361Apr 21, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Linkit module before 7.x-2.7 and 7.x-3.x before 7.x-3.3 for Drupal, when the node search plugin is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a node title.

  • CVE-2012-2304Aug 14, 2012
    risk 0.00cvss epss 0.02

    The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors.