Spaces
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-12756 | 0.00 | — | 0.00 | Feb 11, 2025 | An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user. | |||
| CVE-2024-12755 | 0.00 | — | 0.00 | Feb 11, 2025 | A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information. | |||
| CVE-2013-4498 | 0.00 | — | 0.01 | May 17, 2014 | The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the… | |||
| CVE-2012-2303 | 0.00 | — | 0.02 | Jul 18, 2012 | The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module. |
- CVE-2024-12756Feb 11, 2025risk 0.00cvss —epss 0.00
An HTML Injection vulnerability in Avaya Spaces may have allowed disclosure of sensitive information or modification of the page content seen by the user.
- CVE-2024-12755Feb 11, 2025risk 0.00cvss —epss 0.00
A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces may have allowed unauthorized code execution and potential disclose of sensitive information.
- CVE-2013-4498May 17, 2014risk 0.00cvss —epss 0.01
The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the…
- CVE-2012-2303Jul 18, 2012risk 0.00cvss —epss 0.02
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module.