Lucene search
MitreCVE-2015-3382HistoryApr 21, 2015 - 6:59 p.m.
CVE-2015-3382
2015-04-2118:59:04
CWE-352
mitre
web.nvd.nist.gov
25
csrf
vulnerability
node basket module
drupal
remote attackers
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
AI Score
7.5
Confidence
Low
EPSS
0.002
Percentile
53.5%
Multiple cross-site request forgery (CSRF) vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add or (2) remove nodes from a basket via unspecified vectors.
Affected configurations
Node
insitenode_basketRange≤7.x-1.0-rc2drupal
| Vendor | Product | Version | CPE |
|---|---|---|---|
| insite | node_basket | * | cpe:2.3:a:insite:node_basket:*:*:*:*:*:drupal:*:* |
Related
nvd
nvd
CVE-2015-3382
2015-04-21 18:59:04
prion
prion
Cross site request forgery (csrf)
2015-04-21 18:59:00
cvelist
cvelist
CVE-2015-3382
2015-04-21 18:00:00
drupal
drupal
SA-CONTRIB-2015-042 - Node basket - Multiple vulnerabilities - Unsupported
2015-02-11 00:00:00
kaspersky
kaspersky
KLA10563 Multiple vulnerabilities in Drupal modules
2015-04-21 00:00:00
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
AI Score
7.5
Confidence
Low
EPSS
0.002
Percentile
53.5%
Related for CVE-2015-3382