Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
Max CVSS
8.8
EPSS Score
0.07%
Published
2021-06-11
Updated
2021-06-21
Some administrative paths in Drupal 8.2.x before 8.2.7 did not include protection for CSRF. This would allow an attacker to disable some blocks on a site. This issue is mitigated by the fact that users would have to know the block ID.
Max CVSS
7.5
EPSS Score
0.13%
Published
2017-03-16
Updated
2017-07-12
Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.
Max CVSS
7.5
EPSS Score
1.83%
Published
2006-10-24
Updated
2018-10-17
3 vulnerabilities found