Lucene search
K

4 matches found

NVD
NVD
added 2015/04/21 4:59 p.m.15 views

CVE-2015-3367

Multiple cross-site request forgery CSRF vulnerabilities in the Patterns module before 7.x-2.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 restore, 2 publish, or 3 unpublish a pattern via unspecified vectors...

6.8CVSS7.2AI score0.00656EPSS
Exploits0References4
CVE
CVE
added 2015/04/21 4:0 p.m.109 views

CVE-2015-3367

CVE-2015-3367 corresponds to CSRF vulnerabilities in the Drupal Patterns module. Affected: Patterns 7.x-2.x prior to 7.x-2.2. Impact: remote attackers could leverage CSRF to cause administrators to restore, publish, or unpublish patterns. Root cause: missing or weak CSRF protection in the Pattern...

6.8CVSS7.4AI score0.00656EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2015/04/21 4:0 p.m.26 views

CVE-2015-3367

Multiple cross-site request forgery CSRF vulnerabilities in the Patterns module before 7.x-2.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that 1 restore, 2 publish, or 3 unpublish a pattern via unspecified vectors...

7.2AI score0.00656EPSS
Exploits0References4
Drupal
Drupal
added 2015/01/21 12:0 a.m.27 views

SA-CONTRIB-2015-025 - Patterns - Cross Site Request Forgery (CSRF)

Patterns module manages and automates site configuration. Site configurations stored in XML or YAML are called Patterns, and these are easy to read, modify, manage & share and can be executed manually or as a part of an automated web site deployment. Some links were not protected against CSRF. A...

6.8CVSS6.1AI score0.00656EPSS
Exploits0References9
Rows per page
Query Builder