CVE-2013-2158
Services module 6.x-3.x and 7.x-3.x < 7.x-3.4 - Cross-Site Request Forgery
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References (8)
Core 8
Core References
Vendor Advisory x_refsource_confirm
https://drupal.org/node/2012366
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/53649
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/53661
Vendor Advisory x_refsource_misc
https://drupal.org/node/2012982
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/93980
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/84791
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Jun/23
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/60356
Scores
EPSS
0.0073
EPSS Percentile
49.8%
Details
CWE
CWE-352
Status
published
Products (8)
services_project/services
6.x-3.0
services_project/services
6.x-3.1
services_project/services
6.x-3.2
services_project/services
6.x-3.3
services_project/services
7.x-3.0
services_project/services
7.x-3.1
services_project/services
7.x-3.2
services_project/services
7.x-3.3
Published
Jul 01, 2013
Tracked Since
Feb 18, 2026