Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal ‘BrowserID’ 跨站请求伪造漏洞和安全绕过漏洞
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal的BrowserID(Mozilla Persona)模块中存在跨站请求伪造漏洞和安全绕过漏洞。攻击者可利用这些漏洞绕过安全限制进而获取敏感信息,或者执行未授权操作,获取对受影响应用程序的访问,这可能导致进一步的攻击。BrowserID(Mozilla Persona) 7.x-1.3之前的7.x-1.x版本中存在这些漏洞。
CVSS Information
N/A
Vulnerability Type
N/A