drupal -- Cross site request forgeries
The Drupal Project reports:
Several parts in Drupal core are not protected against cross
site request forgeries due to inproper use of the Forms API,
or by taking action solely on GET requests. Malicious users are
able to delete comments and content revisions and disable menu
items by enticing a privileged users to visit certain URLs while
the victim is logged-in to the targeted site.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright