Vulnerability Details CVE-2015-3363
Cross-site request forgery (CSRF) vulnerability in the Contact Form Fields module before 6.x-2.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete fields via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.1%
CVSS Severity
CVSS v2 Score 6.8
References
- http://www.openwall.com/lists/oss-security/2015/01/29/6
- http://www.securityfocus.com/bid/72118
- https://www.drupal.org/node/2407147
- https://www.drupal.org/node/2407357
- http://www.openwall.com/lists/oss-security/2015/01/29/6
- http://www.securityfocus.com/bid/72118
- https://www.drupal.org/node/2407147
- https://www.drupal.org/node/2407357
Products affected by CVE-2015-3363
-
cpe:2.3:a:joshics:contact_form_fields:6.x-2.2