3 matches found
CVE-2015-3343
Cross-site request forgery CSRF vulnerability in the OPAC module before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of unspecified victims for requests that remove a mapping via unknown vectors...
CVE-2015-3343
The Drupal OPAC module (7.x-2.x) is vulnerable to a Cross-Site Request Forgery (CSRF) that allows remote attackers to hijack user authentication and remove mappings, because the module does not require confirmation when removing a mapping. Affected versions are OPAC 7.x-2.x prior to 7.x-2.3. The ...
SA-CONTRIB-2015-001 - OPAC - Cross Site Request Forgery (CSRF)
OPAC module enables you to create mappings between node fields and ILS record fields. The module doesn't ask for confirmation when removing a mapping, leaving this operation vulnerable to cross-site request forgery CSRF attacks. CVE identifiers issued CVE-2015-3343 Versions affected OPAC 7.x-2.x...