Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as administrators via unspecified vectors related to the "local translation submission interface."
2009-02-19T15:30:00.343
2025-04-09T00:30:58.490
Deferred
CVSSv2: 6.8 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | drupal | localization_client | ≤ 5.x-1.0 | Yes |
| Application | drupal | localization_client | ≤ 6.x-1.5 | Yes |
| Application | drupal | localization_client | 5.x-1.xdev | Yes |
| Application | drupal | localization_client | 6.x-1.0 | Yes |
| Application | drupal | localization_client | 6.x-1.1 | Yes |
| Application | drupal | localization_client | 6.x-1.2 | Yes |
| Application | drupal | localization_client | 6.x-1.3 | Yes |
| Application | drupal | localization_client | 6.x-1.4 | Yes |
| Application | drupal | localization_client | 6.x-1.xdev | Yes |
| Application | drupal | localization_server | ≤ 5.x-1.0alpha4 | Yes |
| Application | drupal | localization_server | ≤ 6.x-1.0alpha1 | Yes |
| Application | drupal | localization_server | 5.x-1.0alpha1 | Yes |
| Application | drupal | localization_server | 5.x-1.0alpha2 | Yes |
| Application | drupal | localization_server | 5.x-1.0alpha3 | Yes |
| Application | drupal | localization_server | 5.x-1.xdev | Yes |
| Application | drupal | localization_server | 6.x-1.xdev | Yes |