Structured Dynamics » Open Semantic Framework : Security Vulnerabilities, CVEs,
The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors.
Max CVSS
4.0
EPSS Score
0.19%
Published
2015-09-17
Updated
2015-09-23
Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of administrators for requests that create new OSF datasets via unspecified vectors.
Max CVSS
5.1
EPSS Score
0.08%
Published
2015-09-17
Updated
2015-09-18
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
2.6
EPSS Score
0.11%
Published
2015-09-17
Updated
2015-09-18
3 vulnerabilities found