4 matches found
CVE-2015-4391
Cross-site request forgery CSRF vulnerability in the CiviCRM private report module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of users for requests that delete reports via unspecified vectors...
CVE-2015-4391
Summary: The CVE-2015-4391 vulnerability affects the Drupal CiviCRM private report module, specifically 6.x-1.x prior to 6.x-1.2 and 7.x-1.x prior to 7.x-1.3. The root cause is CSRF in the private report module that allows remote attackers to hijack a user’s session to delete reports via crafted ...
CVE-2015-4391
Cross-site request forgery CSRF vulnerability in the CiviCRM private report module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of users for requests that delete reports via unspecified vectors...
CiviCRM private report - Moderately Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-094
CiviCRM private report module enables users to create their own private copies of CiviCRM reports, which they can modify and save to meet their needs without requiring the "Administer reports" permission. The module doesn't sufficiently protect some links against CSRF. A malicious user can cause...