exploitDog

CVE-2015-5508

Опубликовано: 18 авг. 2015

Источник: nvd

CVSS2: 5.1

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a crafted request.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:the_extensible_catalog_drupal_toolkit_project:the_extensible_catalog_drupal_toolkit:-:*:*:*:*:drupal:*:*

EPSS

Процентиль: 52%

0.00296

Низкий

5.1 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-6763-w38x-4mrv

github

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a crafted request.

EPSS

Процентиль: 52%

0.00296

Низкий

5.1 Medium

CVSS2

Дефекты

CWE-352