CVE-2015-5508

Published: Aug 18, 2015Modified: May 6, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "administer ncip providers" permission for requests that alter NCIP providers via a crafted request.

Affected (1)

Products: The Extensible Catalog Drupal Toolkit Project: The Extensible Catalog Drupal Toolkit

The Extensible Catalog Drupal Toolkit Project

1 product

The Extensible Catalog Drupal Toolkit

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
The Extensible Catalog Drupal Toolkit Project The Extensible Catalog Drupal Toolkit	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://www.openwall.com/lists/oss-security/2015/07/04/4

Source: cve@mitre.org

http://www.securityfocus.com/bid/75277

Source: cve@mitre.org

https://www.drupal.org/node/2507619

Source: cve@mitre.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2015/07/04/4

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/75277

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.drupal.org/node/2507619

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.