Lullabot

lullabot

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Fivestar Module For Drupal

fivestar_module_for_drupal

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-2096 1Lullabot 1Fivestar Module For Drupal Apr 29, 2026 Aug 14, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter.
CVE-2009-2572 1Lullabot 1Fivestar Module For Drupal Apr 23, 2026 Jul 22, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for...Show more Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for requests that cast votes.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2012-2096

1Lullabot

1Fivestar Module For Drupal

Apr 29, 2026

Aug 14, 2012

N/A· v4

N/A· v3

5.0 MEDIUM· v2

The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter.

CVE-2009-2572

1Lullabot

1Fivestar Module For Drupal

Apr 23, 2026

Jul 22, 2009

N/A· v4

N/A· v3

6.8 MEDIUM· v2

Cross-site request forgery (CSRF) vulnerability in the Fivestar module 5.x-1.x before 5.x-1.14 and 6.x-1.x before 6.x-1.14, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users for...Show more