Lucene search
PRIOn knowledge basePRION:CVE-2015-5498HistoryAug 18, 2015 - 5:59 p.m.
Cross site request forgery (csrf)
2015-08-1817:59:00
PRIOn knowledge base
www.prio-n.com
5
The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive information via a request to the page.
| CPE | Name | Operator | Version |
|---|---|---|---|
| shipwire_api | eq | 7.120.12 | |
| shipwire_api | eq | 7.120.10 | |
| shipwire_api | eq | 7.120.11 |
Related
cve
cve
CVE-2015-5498
2015-08-18 17:59:56
cvelist
cvelist
CVE-2015-5498
2015-08-18 17:00:00
nvd
nvd
CVE-2015-5498
2015-08-18 17:59:56
drupal
drupal
Shipwire - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-111
2015-05-20 00:00:00