This page lists publicly disclosed CVE vulnerabilities affecting boombatower subuser (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2012-4487 | The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created. | [email protected] | 4.0 | 0.17% | 2012-11-02 | 2026-04-29 |
| CVE-2012-4486 | Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors. | [email protected] | 6.8 | 0.14% | 2012-11-02 | 2026-04-29 |