CVE-2012-2079

The CVE-2012-2079 CSRF vulnerability affects the Drupal Activity module (6.x-1.x). The 6.x-1.x branch does not filter output correctly and does not confirm user intent when removing an activity, enabling unauthorized state-changing requests to the server. Impact details in public advisories descr...

CVE-2012-2078

Activity module 6.x-1.x (Drupal) is affected by a cross-site scripting (XSS) vulnerability due to output not being properly filtered, and an associated issue where removing an activity could trigger a cross-site request forgery (CSRF). Exploitation requires a user with the permissions to access a...