CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.7%
Node Template module enables you to define any node as a node template and it can be duplicated later.
The module doesn’t sufficiently protect some URLs against CSRF. A malicious user can cause a user with “access node template” permission to delete node templates by getting their browser to make a request to a specially-crafted URL.
All versions of Node Template module.
Drupal core is not affected. If you do not use the contributed Node Template module, there is nothing you need to do.
If you use the Node Template module you should uninstall it.
Also see the Node Template project page.
Not applicable.