PT-2025-44358 · Drupal · Drupal Currency
Juraj Nemec
+2
·
Published
2025-09-24
·
Updated
2025-10-30
·
CVE-2025-10930
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Drupal Currency versions prior to 3.5.0
Description
A Cross-Site Request Forgery (CSRF) issue exists in Drupal Currency. This allows attackers to perform actions on behalf of authenticated users without their knowledge. CSRF occurs when a malicious website, email, or other communication tricks a user's browser into sending a request to a vulnerable web application.
Recommendations
Update Drupal Currency to version 3.5.0 or later.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Drupal Currency