EUVD-2015-3408

Malware in sbrugna...

CVE-2015-3363

Cross-site request forgery CSRF vulnerability in the Contact Form Fields module before 6.x-2.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete fields via unspecified vectors...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Contact Form Fields module before 6.x-2.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete fields via unspecified vectors...

CVE-2015-3363

CVE-2015-3363 is a CSRF vulnerability in the Drupal Contact Form Fields module prior to 6.x-2.3. It allows an attacker to trick an authenticated administrator into performing actions (notably deleting fields) on behalf of the admin, via unspecified vectors. Affected versions are all before 6.x-2....

SA-CONTRIB-2015-020 - Contact Form Fields - Cross Site Request Forgery (CSRF)

The Contact Form Fields module enables you to create additional fields to site-wide contact form. Some links were not properly protected from CSRF. A malicious user could cause an administrator to delete fields by getting the administrator's browser to make a request to a specially-crafted URL...