Lucene search
K

4 matches found

NVD
NVD
added 2015/06/15 2:59 p.m.8 views

CVE-2015-4391

Cross-site request forgery CSRF vulnerability in the CiviCRM private report module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of users for requests that delete reports via unspecified vectors...

6.8CVSS7.1AI score0.00656EPSS
Exploits0References5
CVE
CVE
added 2015/06/15 2:0 p.m.39 views

CVE-2015-4391

Summary: The CVE-2015-4391 vulnerability affects the Drupal CiviCRM private report module, specifically 6.x-1.x prior to 6.x-1.2 and 7.x-1.x prior to 7.x-1.3. The root cause is CSRF in the private report module that allows remote attackers to hijack a user’s session to delete reports via crafted ...

6.8CVSS7.3AI score0.00656EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2015/06/15 2:0 p.m.12 views

CVE-2015-4391

Cross-site request forgery CSRF vulnerability in the CiviCRM private report module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of users for requests that delete reports via unspecified vectors...

7.1AI score0.00656EPSS
Exploits0References5
Drupal
Drupal
added 2015/04/08 12:0 a.m.22 views

CiviCRM private report - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-094

CiviCRM private report module enables users to create their own private copies of CiviCRM reports, which they can modify and save to meet their needs without requiring the "Administer reports" permission. The module doesn't sufficiently protect some links against CSRF. A malicious user can cause...

6.8CVSS6.3AI score0.00656EPSS
Exploits0References9
Rows per page
Query Builder