CVE-2015-5508
eXtensible Catalog Drupal Toolkit - Cross-Site Request Forgery in XC NCIP Provider Module
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a crafted request.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2507619
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75277
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/07/04/4
Scores
EPSS
0.0076
EPSS Percentile
50.7%
Details
CWE
CWE-352
Status
published
Products (1)
the_extensible_catalog_drupal_toolkit_project/the_extensible_catalog_drupal_toolkit
Published
Aug 18, 2015
Tracked Since
Feb 18, 2026