PT-2012-3783 · Drupal · Drupal
Kurt Seifried
·
Publicado
2012-09-06
·
Atualizado
2012-10-30
·
CVE-2012-2069
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Drupal Wishlist module versions 6.x-2.x before 6.x-2.6
Drupal Wishlist module versions 7.x-2.x before 7.x-2.6
Description
A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack user authentication for requests that insert cross-site scripting (XSS) sequences. This is achieved via the
wl reveal or q parameters.Recommendations
For Drupal Wishlist module version 6.x-2.x, update to version 6.x-2.6 or later.
For Drupal Wishlist module version 7.x-2.x, update to version 7.x-2.6 or later.
Exploit
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Drupal