CVE-2013-2158

Services module 6.x-3.x and 7.x-3.x < 7.x-3.4 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

References (8)

Core 8
Core References
Vendor Advisory x_refsource_confirm
https://drupal.org/node/2012366
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/53649
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/53661
Vendor Advisory x_refsource_misc
https://drupal.org/node/2012982
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/93980
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/84791
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Jun/23
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/60356

Scores

EPSS 0.0073
EPSS Percentile 49.8%

Details

CWE
CWE-352
Status published
Products (8)
services_project/services 6.x-3.0
services_project/services 6.x-3.1
services_project/services 6.x-3.2
services_project/services 6.x-3.3
services_project/services 7.x-3.0
services_project/services 7.x-3.1
services_project/services 7.x-3.2
services_project/services 7.x-3.3
Published Jul 01, 2013
Tracked Since Feb 18, 2026