1 results (0.001 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces. El editor de supresión de forma en BUEditor 4.7.x anterior a 4.7.x-1.0 y 5.x anterior a 5.x-1.1, un módulo para Drupal, no sigo el modelo de presentación API, el cual permite a atacantes remotos llevar a cabo ataques de falsificación de petición en sitios cruzados (CSRF) y borrar interfaces de editor de cliente. • http://drupal.org/node/208534 http://secunia.com/advisories/28418 http://www.vupen.com/english/advisories/2008/0128 https://exchange.xforce.ibmcloud.com/vulnerabilities/39614 • CWE-352: Cross-Site Request Forgery (CSRF) •