Vulnerability: CSRF attack in Drupal Heartbeat

Posted: September 7, 2012 in Encyclopedia viruses


Impact: Cross Site Scripting

Affected products:

– Drupal Heartbeat Module 6.x;
– Drupal Heartbeat Module 7.x

Affected versions:

– Drupal Heartbeat versions up to 6.x-4.12, possibly earlier;
– Drupal Heartbeat versions up to 7.x-1.1, possibly earlier


The vulnerability allows malicious people to conduct XSS attacks.

The vulnerability is caused by a lack of verification of the authenticity of HTTP requests when certain actions are performed. A remote user can perform a CSRF attack and post a comment.

Manufacturer URL:

Solution: Install the update from the manufacturer.
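
The missing request check described above, as an added standalone PHP model (not code from the Heartbeat module, Drupal core or the vendor's update): a comment handler that trusts the session cookie alone, beside one that also requires a token bound to the session and the action. The function names, secret, action name and request arrays are constructed for illustration.

```php
<?php
// Added example: standalone model, not Heartbeat or Drupal core code.
// All names and values below are hypothetical / constructed.

const SITE_SECRET = 'constructed-site-private-key';

// Token bound to the user's session and to one specific action.
function csrf_token(string $sessionId, string $action): string {
    return hash_hmac('sha256', $action, $sessionId . SITE_SECRET);
}

// Before: any request carrying a valid session cookie posts a comment.
function post_comment_unchecked(array $req, array &$comments): bool {
    if (empty($req['session'])) {
        return false;
    }
    $comments[] = $req['comment'];
    return true;
}

// After: the request must also carry the token the site put in its own form.
function post_comment_checked(array $req, array &$comments): bool {
    if (empty($req['session']) || !is_string($req['token'] ?? null)) {
        return false;
    }
    $expected = csrf_token($req['session'], 'heartbeat_comment');
    if (!hash_equals($expected, $req['token'])) { // constant-time compare
        return false;
    }
    $comments[] = $req['comment'];
    return true;
}

// Constructed requests. The browser attaches the session cookie to all of
// them; only a form rendered by the site itself contains the right token.
$session = 'sess-user-1234';
$legit  = ['session' => $session, 'comment' => 'hello',
           'token' => csrf_token($session, 'heartbeat_comment')];
$forged = ['session' => $session, 'comment' => 'posted cross-site'];
$wrong  = ['session' => $session, 'comment' => 'token from another session',
           'token' => csrf_token('sess-other-9999', 'heartbeat_comment')];

$before = [];
$after  = [];
var_dump(post_comment_unchecked($forged, $before)); // cookie-only handler
var_dump(post_comment_checked($forged, $after));    // no token supplied
var_dump(post_comment_checked($wrong, $after));     // token for other session
var_dump(post_comment_checked($legit, $after));     // site's own form
```

In Drupal 6 and 7, core provides drupal_get_token() and drupal_valid_token() for this kind of check on state-changing callbacks.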

