Vulnerability Details: CVE-2013-0320

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-27 Mar, 2013 | 21:00
Updated At-16 Sep, 2024 | 19:37

Cross-site request forgery (CSRF) vulnerability in the Taxonomy Manager (taxonomy_manager) module 6.x-2.x before 6.x-2.2 and 7.x-1.x before 7.x-1.0-rc1 for Drupal allows remote attackers to hijack the authentication of users with 'administer taxonomy' permissions via unspecified vectors.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)


Affected Products
Vendor: n/a
Product: n/a
Versions Affected: n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
References
Hyperlink: http://drupal.org/node/1922170
Resource: x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2013/02/21/5
Resource: mailing-list, x_refsource_MLIST
Hyperlink: http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801
Resource: x_refsource_CONFIRM
Hyperlink: http://drupal.org/node/1922168
Resource: x_refsource_CONFIRM
Hyperlink: http://drupal.org/node/1922410
Resource: x_refsource_MISC
Hyperlink: http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3
Resource: x_refsource_CONFIRM
Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink: http://drupal.org/node/1922170
Resource: x_refsource_CONFIRM, x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2013/02/21/5
Resource: mailing-list, x_refsource_MLIST, x_transferred
Hyperlink: http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801
Resource: x_refsource_CONFIRM, x_transferred
Hyperlink: http://drupal.org/node/1922168
Resource: x_refsource_CONFIRM, x_transferred
Hyperlink: http://drupal.org/node/1922410
Resource: x_refsource_MISC, x_transferred
Hyperlink: http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3
Resource: x_refsource_CONFIRM, x_transferred
National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:27 Mar, 2013 | 21:55
Updated At:11 Apr, 2025 | 00:51


CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 5.1
Base severity: MEDIUM
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
CPE Matches

Vendor: mattias_hutterer, Product: taxonomy_manager
  • cpe:2.3:a:mattias_hutterer:taxonomy_manager:6.x-2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mattias_hutterer:taxonomy_manager:6.x-2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mattias_hutterer:taxonomy_manager:6.x-2.x:dev:*:*:*:*:*:*
  • cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:mattias_hutterer:taxonomy_manager:7.x-1.x:dev:*:*:*:*:*:*
Vendor: The Drupal Association (drupal), Product: drupal
  • cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: http://drupal.org/node/1922168
Source: secalert@redhat.com
Resource: Patch
Hyperlink: http://drupal.org/node/1922170
Source: secalert@redhat.com
Resource: Patch
Hyperlink: http://drupal.org/node/1922410
Source: secalert@redhat.com
Resource: Patch, Vendor Advisory
Hyperlink: http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2013/02/21/5
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://drupal.org/node/1922168
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Patch
Hyperlink: http://drupal.org/node/1922170
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Patch
Hyperlink: http://drupal.org/node/1922410
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: Patch, Vendor Advisory
Hyperlink: http://drupalcode.org/project/taxonomy_manager.git/commitdiff/2d05801
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://drupalcode.org/project/taxonomy_manager.git/commitdiff/595f1b3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2013/02/21/5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A


Similar CVEs

108 Records found

CVE-2012-2959
Matching Score-4
Assigner-CERT/CC
CVSS Score-5.1 (MEDIUM)
EPSS-0.20% / 42.55%
7 Day CHG~0.00%
Published-11 Jun, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords.

Action-Not Available
Vendor-bmc; n/a
Product-identity_management_suite; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2012-0440
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.1 (MEDIUM)
EPSS-0.17% / 38.86%
7 Day CHG~0.00%
Published-02 Feb, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API.

Action-Not Available
Vendor-n/a; Mozilla Corporation
Product-bugzilla; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2015-4396
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.1 (MEDIUM)
EPSS-0.15% / 35.62%
7 Day CHG~0.00%
Published-15 Jun, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in the Keyword Research module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of users with the "kwresearch admin site keywords" permission for requests that (1) create, (2) delete, or (3) set priorities to keywords via unspecified vectors.

Action-Not Available
Vendor-keyword_research_project; n/a
Product-keyword_research; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-37198
Matching Score-4
Assigner-Siemens
CVSS Score-8.8 (HIGH)
EPSS-0.14% / 34.93%
7 Day CHG~0.00%
Published-11 Jan, 2022 | 11:27
Updated-22 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform cross-site request forgery attacks.

Action-Not Available
Vendor-Siemens AG
Product-comos; COMOS V10.4; COMOS V10.3; COMOS V10.2
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-33338
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5 (HIGH)
EPSS-0.11% / 30.05%
7 Day CHG~0.00%
Published-04 Aug, 2021 | 13:07
Updated-13 May, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, exposes the CSRF token in URLs, which allows man-in-the-middle attackers to obtain the token and conduct Cross-Site Request Forgery (CSRF) attacks via the p_auth parameter.

Action-Not Available
Vendor-n/a; Liferay Inc.
Product-liferay_portal; digital_experience_platform; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-26296
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5 (HIGH)
EPSS-0.32% / 54.45%
7 Day CHG~0.00%
Published-19 Feb, 2021 | 08:30
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery (CSRF) vulnerability in Apache MyFaces

In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.

Action-Not Available
Vendor-NetApp, Inc.; The Apache Software Foundation
Product-myfaces; oncommand_insight; Apache MyFaces Core
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-25053
Matching Score-4
Assigner-WPScan
CVSS Score-8.8 (HIGH)
EPSS-0.11% / 29.92%
7 Day CHG~0.00%
Published-10 Jan, 2022 | 15:30
Updated-03 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Coder < 2.5.2 - RFI leading to RCE via CSRF

The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.

Action-Not Available
Vendor-wow-company; Unknown
Product-wp_coder; WP Coder – add custom html, css and js code
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2013-1414
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.1 (MEDIUM)
EPSS-0.38% / 58.87%
7 Day CHG~0.00%
Published-08 Jul, 2013 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown.

Action-Not Available
Vendor-n/a; Fortinet, Inc.
Product-fortigate-110c; fortigate-3950b; fortios; fortigate-800c; fortigaterugged-100c; fortigate-600c; fortigate-5101c; fortigate-5001a-sw; fortigate-100d; fortigate-50b; fortigate-20c; fortigate-3040b; fortigate-5020; fortigate-40c; fortigate-310b; fortigate-1240b; fortigate-1000c; fortigate-3810a; fortigate-5140b; fortigate-200b; fortigate-300c; fortigate-80c; fortigate-311b; fortigate-5060; fortigate-620b; fortigate-60c; fortigate-3240c; fortigate-3140b; fortigate-5001b; fortigate-voice-80c; n/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)