3 matches found
CVE-2015-4361
Cross-site request forgery CSRF vulnerability in the Registration codes module before 6.x-1.6 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete registration codes via unspecified vectors...
CVE-2015-4361
CVE-2015-4361 is a CSRF vulnerability in Drupal’s Registration codes module (before 6.x-1.6, affects 6.x-1.x/6.x-2.x/7.x-1.x branches). The issue permits remote attackers to hijack administrator sessions to issue requests that delete registration codes via unspecified vectors. Remediation per con...
SA-CONTRIB-2015-065 - Registration codes - Multiple vulnerabilities
Registration codes module allows new account registrations only for users who provide a valid registration code. The module was not properly sanitizing user supplied text in some pages, thereby exposing XSS vulnerabilities. Additionally, some URLs were not protected against CSRF, a malicious user...