7 matches found
EUVD-2015-3408
Malware in sbrugna...
CVE-2015-3363
Cross-site request forgery CSRF vulnerability in the Contact Form Fields module before 6.x-2.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete fields via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Contact Form Fields module before 6.x-2.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete fields via unspecified vectors...
CVE-2015-3363
CVE-2015-3363 is a CSRF vulnerability in the Drupal Contact Form Fields module prior to 6.x-2.3. It allows an attacker to trick an authenticated administrator into performing actions (notably deleting fields) on behalf of the admin, via unspecified vectors. Affected versions are all before 6.x-2....
CVE-2015-3363
Cross-site request forgery CSRF vulnerability in the Contact Form Fields module before 6.x-2.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete fields via unspecified vectors...
Multiple Cross-Site Request Forgery Vulnerabilities in Drupal Contact Form Fields
Drupal is a free and open source content management system developed in PHP. Multiple cross-site request forgery vulnerabilities exist in Drupal Contact Form Fields, which can be exploited by an attacker to perform certain unauthorized actions and gain access to affected applications...
SA-CONTRIB-2015-020 - Contact Form Fields - Cross Site Request Forgery (CSRF)
The Contact Form Fields module enables you to create additional fields to site-wide contact form. Some links were not properly protected from CSRF. A malicious user could cause an administrator to delete fields by getting the administrator's browser to make a request to a specially-crafted URL...