Description
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
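The missing check, sketched as an added example (not Drupal's code and not taken from the original advisory): given the parameters of an OpenID 2.0 positive assertion, accept only AX attributes whose namespace, type and value keys are all listed in `openid.signed`. It assumes `openid.sig` has already been verified over that list; the function name `split_ax` and the sample response are constructed for illustration.

```python
AX_NS = "http://openid.net/srv/ax/1.0"


def split_ax(params):
    """Return (trusted, rejected) AX attributes from an OpenID 2.0 response.

    Assumption: openid.sig was already verified over the openid.signed list;
    this function only checks that the AX fields are covered by it.
    """
    signed = set(params.get("openid.signed", "").split(","))
    # Aliases the response binds to the AX namespace (commonly "ax").
    aliases = [k[len("openid.ns."):] for k, v in params.items()
               if k.startswith("openid.ns.") and v == AX_NS]
    trusted, rejected = {}, []
    for alias in aliases:
        ns_signed = f"ns.{alias}" in signed
        type_prefix = f"openid.{alias}.type."
        for key, type_uri in params.items():
            if not key.startswith(type_prefix):
                continue
            name = key[len(type_prefix):]
            value_key = f"openid.{alias}.value.{name}"
            if value_key not in params:
                continue  # multi-valued (count.<name>) attributes not handled
            needed = {f"{alias}.type.{name}", f"{alias}.value.{name}"}
            if ns_signed and needed <= signed:
                trusted[type_uri] = params[value_key]
            else:
                rejected.append(name)  # present but outside the signature
    return trusted, sorted(rejected)


# Constructed sample: "email" is covered by openid.signed, "nick" is not,
# as it would be if the field were added or altered in transit.
SAMPLE = {
    "openid.ns": "http://specs.openid.net/auth/2.0",
    "openid.mode": "id_res",
    "openid.claimed_id": "https://op.example/u/alice",
    "openid.ns.ax": AX_NS,
    "openid.ax.mode": "fetch_response",
    "openid.ax.type.email": "http://axschema.org/contact/email",
    "openid.ax.value.email": "alice@example.org",
    "openid.ax.type.nick": "http://axschema.org/namePerson/friendly",
    "openid.ax.value.nick": "admin",
    "openid.signed": "mode,claimed_id,ns.ax,ax.mode,ax.type.email,ax.value.email",
    "openid.sig": "CONSTRUCTED-PLACEHOLDER",
}

if __name__ == "__main__":
    print(split_ax(SAMPLE))
```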
Remediation
References