MidnightBSD

Advisories for structured_dynamics

CVE-2015-7232 LOW

Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
structured_dynamics open_semantic_framework 7.x-3.0
structured_dynamics open_semantic_framework 7.x-3.x
CVE-2015-7233 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of administrators for requests that create new OSF datasets via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
structured_dynamics open_semantic_framework 7.x-3.0
structured_dynamics open_semantic_framework 7.x-3.x
CVE-2015-7234 MEDIUM

The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
structured_dynamics open_semantic_framework 7.x-3.0
structured_dynamics open_semantic_framework 7.x-3.x