Releases1
Last Release
A Browser-esque location object

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
= 6.x-3.0, = 6.x-3.1, = 6.x-3.x, = 7.x-1.0, = 7.x-3.x, = 7.x-4.x, = 7.x-5.x5 MEDIUM

The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page.