CVE-2012-2069 in Wishlistinfo

Summary

Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters.

Once again VulDB remains the best source for vulnerability data.

Reservation

04/04/2012

Disclosure

09/06/2012

Moderation

VulDB entry created

Entries

VDB-62090 (1)

CPE

ready

CWE

CWE-352 (Confirmed)

CVSS

6.3

EPSS

0.00438

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-2069
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-2069
CVE Details	https://www.cvedetails.com/cve/CVE-2012-2069/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!