Avatar Uploader Project Avatar Uploader — known CVE vulnerabilities
Every CVE whose affected-product data names Avatar Uploader Project Avatar Uploader, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2015-2087 — CVSS 6.5 (medium): Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute…
CVE-2022-50957 — CVSS 6.1 (medium): Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to…
CVE-2014-9155 — CVSS 4.0 (medium): Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows…