EUVD-2015-5463

Malware in sbrugna...

CVE-2015-5508

Cross-site request forgery CSRF vulnerability in the XC NCIP Provider module in the eXtensible Catalog XC Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a crafted request...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the XC NCIP Provider module in the eXtensible Catalog XC Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a crafted request...

CVE-2015-5508

CVE-2015-5508 refers to a CSRF vulnerability in The eXtensible Catalog (XC) Drupal Toolkit, specifically the XC NCIP Provider module. The issue arises because certain NCIP-Provider-related URLs aren’t sufficiently CSRF-protected, allowing an attacker to cause users with the administer ncip provid...

Drupal eXtensible Catalog Drupal Toolkit Module Cross-Site Request Forgery Vulnerability

Drupal is a free, open source content management system developed in PHP. eXtensible Catalog XC Drupal Toolkit is a new generation of discovery services XC Drupal Toolkit module . A cross-site request forgery vulnerability exists in the Drupal eXtensible Catalog Drupal Toolkit module that allows...

The eXtensible Catalog (XC) Drupal Toolkit - Critical - Cross Site Request Forgery (CSRF) - SA-CONTRIB-2015-121

The eXtensible Catalog Drupal Toolkit is a set of Drupal modules to harvest records of the XC Schema format from a Metadata Services Toolkit MST. The XC NCIP Provider module doesn't sufficiently protect some URLs against CSRF. A malicious user can cause a user with "administer ncip providers"...