CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-3354

Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete wishlist purchase intentions via unspecified vectors.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.9%

CVSS Severity

CVSS v2 Score 5.8

References

http://www.openwall.com/lists/oss-security/2015/01/29/6
http://www.securityfocus.com/bid/72114
https://www.drupal.org/node/2406803
https://www.drupal.org/node/2406811
https://www.drupal.org/node/2407313
http://www.openwall.com/lists/oss-security/2015/01/29/6
http://www.securityfocus.com/bid/72114
https://www.drupal.org/node/2406803
https://www.drupal.org/node/2406811
https://www.drupal.org/node/2407313

Products affected by CVE-2015-3354

Wishlist Project » Wishlist » Version: Any

cpe:2.3:a:wishlist_project:wishlist:*
Wishlist Project » Wishlist » Version: 7.x-2.5

cpe:2.3:a:wishlist_project:wishlist:7.x-2.5
Wishlist Project » Wishlist » Version: 7.x-2.6

cpe:2.3:a:wishlist_project:wishlist:7.x-2.6
Wishlist Project » Wishlist » Version: 7.x-2.x-dev

cpe:2.3:a:wishlist_project:wishlist:7.x-2.x-dev

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-3354

Products

Pricing

Contact Us