Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forgery.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.
References
Link | Resource |
---|---|
https://www.drupal.org/sa-contrib-2025-054 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
10 Jun 2025, 15:25
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.drupal.org/sa-contrib-2025-054 - Vendor Advisory | |
First Time |
Miniorange
Miniorange miniorange 2fa |
|
CPE | cpe:2.3:a:miniorange:miniorange_2fa:*:*:*:*:*:drupal:*:* |
20 May 2025, 17:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
16 May 2025, 14:43
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
14 May 2025, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-14 17:15
Updated : 2025-06-10 15:25
NVD link : CVE-2025-47708
Mitre link : CVE-2025-47708
CVE.ORG link : CVE-2025-47708
JSON object : View
Products Affected
miniorange
- miniorange_2fa
CWE
CWE-352
Cross-Site Request Forgery (CSRF)