The Rename Admin Path module provides additional security to Drupal sites by renaming the admin paths. The module has a vulnerability with allows attackers to bypass the protection by using specially crafted URLs.

The risk is mitigated by the fact that, even though the attacker can bypass the protection offered by this module, all regular permissions still apply.

This module allows site administrators to grant specific roles the authority to assign selected roles to users, without them needing the administer permissions permission.

The module contains an access bypass vulnerability when used in combination with the Views Bulk Operations module. An authenticated user is able to assign the administrator role to his own user.

This vulnerability is mitigated by the fact that an attacker must have access to an overview of users with the views bulk operations module enabled. E.g. The admin_views module provides such a view.

This module is used as part of the Opigno LMS distribution and implements learning paths for the LMS.

The module was providing too much user information about users such as the list of groups a uid is in.

The GOV.UK Theme (govuk_theme) is a Drupal theme for the GOV.UK Design System.

The theme doesn't sanitize user input in certain cases, which leads to Cross-Site-Scripting (XSS) vulnerabilities. An attacker that can create or edit certain entities or configuration may be able to exploit one or more Cross-Site-Scripting (XSS) vulnerabilities to target visitors of the site, including site admins with privileged access.

The vulnerability is mitigated by the facts, that: