CVE-2015-5508

eXtensible Catalog Drupal Toolkit - Cross-Site Request Forgery in XC NCIP Provider Module

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a crafted request.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2507619
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75277
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/07/04/4

Scores

EPSS 0.0076
EPSS Percentile 50.7%

Details

CWE
CWE-352
Status published
Products (1)
the_extensible_catalog_drupal_toolkit_project/the_extensible_catalog_drupal_toolkit
Published Aug 18, 2015
Tracked Since Feb 18, 2026