CVE-2013-0320
Taxonomy Manager 6.x-2.x < 6.x-2.2 and 7.x-1.x < 7.x-1.0-rc1 - Cross-Site Request Forgery
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors.
References (6)
Core 6
Core References
Patch x_refsource_confirm
http://drupal.org/node/1922170
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/02/21/5
Various Sources x_refsource_confirm
http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801
Patch x_refsource_confirm
http://drupal.org/node/1922168
Patch, Vendor Advisory x_refsource_misc
http://drupal.org/node/1922410
Various Sources x_refsource_confirm
http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3
Scores
EPSS
0.0068
EPSS Percentile
48.2%
Details
CWE
CWE-352
Status
published
Products (5)
mattias_hutterer/taxonomy_manager
6.x-2.0
mattias_hutterer/taxonomy_manager
6.x-2.1
mattias_hutterer/taxonomy_manager
6.x-2.x dev
mattias_hutterer/taxonomy_manager
7.x-1.0 alpha1 (7 CPE variants)
mattias_hutterer/taxonomy_manager
7.x-1.x dev
Published
Mar 27, 2013
Tracked Since
Feb 18, 2026