Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-rpf8-7x2r-4j6x

Опубликовано: 17 мая 2022
Источник: github
Github: Не прошло ревью

Описание

Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters.

Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters.

EPSS

Процентиль: 62%
0.00438
Низкий

Дефекты

CWE-352

Связанные уязвимости

nvd
почти 13 лет назад

Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters.

EPSS

Процентиль: 62%
0.00438
Низкий

Дефекты

CWE-352