Lucene search
+L

26 matches found

Prion
Prion
added 2015/06/15 2:59 p.m.15 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that 1 create, 2 delete, or 3 alter invoices via unspecified vectors...

6.8CVSS7.9AI score0.00657EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2015/06/15 2:59 p.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "Administer own invoices" permission to inject arbitrary web script or HTML via unspecified vectors involving nodes of the "Invoice"...

3.5CVSS5.6AI score0.00966EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2015/06/15 2:0 p.m.45 views

CVE-2015-4381

The CVE-2015-4381 entry affects the Drupal Invoice contributed module (versions 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3). The issue is a Cross-Site Scripting (XSS) vulnerability that can be exploited by remote authenticated users who have the "Administer own invoices" permission to inje...

3.5CVSS5.4AI score0.00966EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2015/06/15 2:0 p.m.44 views

CVE-2015-4382

CVE-2015-4382 refers to CSRF vulnerabilities in the Drupal Invoice contributed module. Impacted versions are 6.x-1.x prior to 6.x-1.2 and 7.x-1.x prior to 7.x-1.3, allowing remote attackers to hijack the authentication of arbitrary users to perform invoices-related actions (create, delete, or alt...

6.8CVSS7.6AI score0.00657EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2015/06/15 2:0 p.m.27 views

CVE-2015-4381

Cross-site scripting XSS vulnerability in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "Administer own invoices" permission to inject arbitrary web script or HTML via unspecified vectors involving nodes of the "Invoice"...

5.3AI score0.00966EPSS
Exploits0References5
CNVD
CNVD
added 2015/05/20 12:0 a.m.8 views

Drupal Invoice Module Cross-Site Request Forgery Vulnerability

Drupal is a free and open source content management system developed in PHP. A cross-site request forgery vulnerability exists in Drupal Invoice, which allows remote attackers to construct malicious URIs, trick users into parsing them, and can target user contexts to perform malicious actions...

6.8CVSS7AI score0.00966EPSS
Exploits0References1
Rows per page
Query Builder