Gabor Hojtsy: Security Vulnerabilities
Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for Drupal, does not properly enforce permissions when a link is added to the RSS feed, which allows remote attackers to obtain the node title and possibly other sensitive content by reading the feed.
CVSS Score
5.0
EPSS Score
0.004
Published
2009-10-06