Vulnerability Details CVE-2015-8602
The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inserting a token, which embeds a rendered entity in the main node.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 31.4%
CVSS Severity
CVSS v2 Score 3.5
References
Products affected by CVE-2015-8602
-
cpe:2.3:a:token_insert_entity_project:token_insert_entity:7.x-1.0