QwikSec

Security Database

CVE

CWE

Training

CVE-2012-2069

Published: Sep 6, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://drupal.org/node/1492624

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

http://drupalcode.org/project/wishlist.git/commit/6660c33

x_refsource_CONFIRM

http://www.madirish.net/content/drupal-wishlist-6x-24-xss-vulnerability

x_refsource_MISC

[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)

mailing-list

x_refsource_MLIST

http://drupalcode.org/project/wishlist.git/commit/73aaf98

x_refsource_CONFIRM

http://drupal.org/node/1483634

x_refsource_CONFIRM

http://drupal.org/node/1483636

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.