MidnightBSD

Advisories for the_extensible_catalog_drupal_toolkit_project

CVE-2015-5508 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a crafted request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
the_extensible_catalog_drupal_toolkit_project the_extensible_catalog_drupal_toolkit -