CVE-2013-4227
The CVE affects Drupal with the Mozilla Persona module (7.x-1.x) prior to 7.x-1.11. A CSRF flaw exists in the persona_xsrf_token function where a security token not typed as a string can be accepted, enabling an attacker to hijack a user’s authentication. Root cause: token handling in persona_xsr...