cpe:/a:postrev:post_revolution:0.6.2:beta cpe:/a:postrev:post_revolution:0.6.3:beta cpe:/a:postrev:post_revolution:0.6.4 cpe:/a:postrev:post_revolution:0.6.5 cpe:/a:postrev:post_revolution:0.6.6 cpe:/a:postrev:post_revolution:0.7.0:rc1 cpe:/a:postrev:post_revolution:0.7.0:rc2 cpe:/a:postrev:post_revolution:0.7.0:rc3 cpe:/a:postrev:post_revolution:0.7.0:rc4 cpe:/a:postrev:post_revolution:0.8.0:alpha cpe:/a:postrev:post_revolution:0.8.0b cpe:/a:postrev:post_revolution:0.8.0c cpe:/a:postrev:post_revolution:0.8.0c-2 CVE-2011-1954 2011-06-06T15:55:02.583-04:00 2011-09-21T23:31:12.757-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2011-06-07T11:16:00.000-04:00 BUGTRAQ 20110601 Post Revolution 0.8.0c Multiple Remote Vulnerabilities SECUNIA 44710 OSVDB 72641 SREASON 8270 MISC http://javierb.com.ar/2011/06/01/postrev-vunls/ CONFIRM http://postrev.com.ar/verpost.php?id_noticia=59 Multiple cross-site request forgery (CSRF) vulnerabilities in Post Revolution 0.8.0c-2 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests to (1) ajax-weblog-guardar.php, (2) verpost.php, (3) comments.php, or (4) perfil.php.