CVE-2013-0320

Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
VendorProductVersion
mattias_hutterertaxonomy_manager
6.x-2.0:x
mattias_hutterertaxonomy_manager
6.x-2.1:x
mattias_hutterertaxonomy_manager
6.x-2.x:x
mattias_hutterertaxonomy_manager
7.x-1.0:x
mattias_hutterertaxonomy_manager
7.x-1.0:x
mattias_hutterertaxonomy_manager
7.x-1.0:x
mattias_hutterertaxonomy_manager
7.x-1.0:x
mattias_hutterertaxonomy_manager
7.x-1.0:x
mattias_hutterertaxonomy_manager
7.x-1.0:x
mattias_hutterertaxonomy_manager
7.x-1.0:x
mattias_hutterertaxonomy_manager
7.x-1.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/1922168
http://drupal.org/node/1922170
http://drupal.org/node/1922410
http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801
http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3
http://www.openwall.com/lists/oss-security/2013/02/21/5
http://drupal.org/node/1922168
http://drupal.org/node/1922170
http://drupal.org/node/1922410
http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801
http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3
http://www.openwall.com/lists/oss-security/2013/02/21/5