CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-4391

Cross-site request forgery (CSRF) vulnerability in the CiviCRM private report module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of users for requests that delete reports via unspecified vectors.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.1%

CVSS Severity

CVSS v2 Score 6.8

References

Products affected by CVE-2015-4391

Civicrm » Civicrm Private Report » Version: 6.x-1.0

cpe:2.3:a:civicrm:civicrm_private_report:6.x-1.0
Civicrm » Civicrm Private Report » Version: 6.x-1.1

cpe:2.3:a:civicrm:civicrm_private_report:6.x-1.1
Civicrm » Civicrm Private Report » Version: 7.x-1.0

cpe:2.3:a:civicrm:civicrm_private_report:7.x-1.0
Civicrm » Civicrm Private Report » Version: 7.x-1.1

cpe:2.3:a:civicrm:civicrm_private_report:7.x-1.1
Civicrm » Civicrm Private Report » Version: 7.x-1.2

cpe:2.3:a:civicrm:civicrm_private_report:7.x-1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-4391

Products

Pricing

Contact Us