CyberSec.Space Logo
Back to CVE Browser

CVE-2012-2713

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.0190%
EPSS Percentile11.42th
PublishedJun 27, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site.

Affected Platforms (CPE)

πŸ“¦
Browserid Project

Browserid

= 7.x-1.1
πŸ“¦
Browserid Project

Browserid

= 7.x-1.2

References & Advisories

πŸ”— http://drupal.org/node/1597414
πŸ”— http://drupalcode.org/project/browserid.git/commitdiff/5e5cdcd
πŸ”— http://secunia.com/advisories/49227
πŸ”— http://www.openwall.com/lists/oss-security/2012/06/14/3
πŸ”— http://www.osvdb.org/82466
πŸ”— http://www.securityfocus.com/bid/53673
πŸ”— https://drupal.org/node/1596464
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/75869

Related Vulnerabilities

CVE-2012-27149.8

The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of a...

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...