MidnightBSD

Advisories for wishlist_project

CVE-2015-3354 MEDIUM

Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete wishlist purchase intentions via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
wishlist_project wishlist 7.x-2.5
wishlist_project wishlist 7.x-2.x-dev
wishlist_project wishlist *
wishlist_project wishlist 7.x-2.6
CVE-2015-3357 LOW

Cross-site scripting (XSS) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "access wishlists" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a log message.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
wishlist_project wishlist 7.x-2.5
wishlist_project wishlist 7.x-2.x-dev
wishlist_project wishlist *
wishlist_project wishlist 7.x-2.6