CVE-2008-0271

The CVE concerns the Drupal module BUEditor (version range: 4.7.x prior to 4.7.x-1.0 and 5.x prior to 5.x-1.1). The underlying issue is that the editor deletion form does not follow Drupal’s Forms API submission model, enabling a CSRF attack that can delete custom editor interfaces. Practical imp...