Cross-Site Request Forgery in XC NCIP Provider Module of eXtensible Catalog
CVE-2015-5508

Currently unrated

Key Information:

Vendor: The Extensible Catalog Drupal Toolkit Project
Status: The Extensible Catalog Drupal Toolkit
Vendor: CVE Published:; 18 August 2015

🔔 Create The Extensible Catalog Drupal Toolkit Project Vulnerability Alert

What is CVE-2015-5508?

The XC NCIP Provider module within the eXtensible Catalog (XC) on Drupal is susceptible to a cross-site request forgery (CSRF) vulnerability. This flaw enables remote attackers to exploit crafted requests that manipulate the NCIP providers for users possessing 'administer ncip providers' permissions. Such exploitation can lead to unauthorized actions being taken on behalf of the victim without their consent, compromising the integrity of the module's operation.

References

https://www.drupal.org/node/2507619

x_refsource_MISC

http://www.securityfocus.com/bid/75277

vdb-entryx_refsource_BID

http://www.openwall.com/lists/oss-security/2015/07/04/4

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2015
Vulnerability Reserved
Jul 10, 2015

CVE-2015-5508 Data

JSON