CVE-2015-7233

Published: Sep 17, 2015Modified: May 6, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of administrators for requests that create new OSF datasets via unspecified vectors.

Affected (2)

Products: Structured Dynamics: Open Semantic Framework

Structured Dynamics

1 product

Open Semantic Framework

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Structured Dynamics Open Semantic Framework	Version 7.x-3.0
Structured Dynamics Open Semantic Framework	Version 7.x-3.x dev

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://www.drupal.org/node/2537120

Source: cve@mitre.org

Patch

https://www.drupal.org/node/2537860

Source: cve@mitre.org

PatchVendor Advisory

https://www.drupal.org/node/2537120

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://www.drupal.org/node/2537860

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.