Lucene search
MitreCVE-2008-0271HistoryJan 15, 2008 - 8:00 p.m.
CVE-2008-0271
2008-01-1520:00:00
CWE-352
mitre
web.nvd.nist.gov
23
cve-2008-0271
bueditor
drupal
cross-site request forgery
csrf
security vulnerability
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.8
Confidence
High
EPSS
0.002
Percentile
54.3%
The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal’s Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces.
Affected configurations
Node
drupalbueditorRange≤4.7.x-1.0
ORdrupalbueditorRange≤5.x-1.0
Related
prion
prion
Cross site request forgery (csrf)
2008-01-15 20:00:00
cvelist
cvelist
CVE-2008-0271
2008-01-15 19:00:00
nvd
nvd
CVE-2008-0271
2008-01-15 20:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
6.8
Confidence
High
EPSS
0.002
Percentile
54.3%
Related for CVE-2008-0271