Vulnerabilities > Campaign Monitor Project > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-06-15 | CVE-2015-4364 | Cross-Site Request Forgery (CSRF) vulnerability in Campaign Monitor Project Campaign Monitor 7.X1.0 Multiple cross-site request forgery (CSRF) vulnerabilities in includes/campaignmonitor_lists.admin.inc in the Campaign Monitor module 7.x-1.0 for Drupal allow remote attackers to hijack the authentication of users for requests that (1) enable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/enable or (2) disable list subscriptions via a request to admin/config/services/campaignmonitor/lists/%/disable. | 6.8 |