{"id":"DRUPAL-CONTRIB-2025-110","details":"This module allows you to use different currencies on your website and do currency conversion.\n\nThe module doesn't sufficiently protect routes used to enable and disable currencies from Cross-Site Request Forgery (CSRF) attacks, potentially allowing an attacker to trick an admin into changing settings.","aliases":["CVE-2025-10930","GHSA-27fv-rpgj-4c6m"],"modified":"2026-03-19T18:15:06.525406Z","published":"2025-09-24T17:27:41Z","references":[{"type":"WEB","url":"https://www.drupal.org/sa-contrib-2025-110"}],"affected":[{"package":{"name":"drupal/currency","ecosystem":"Packagist:https://packages.drupal.org/8","purl":"pkg:composer/drupal/currency"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.5.0"}],"database_specific":{"constraint":"\u003c3.5.0"}}],"database_specific":{"affected_versions":"\u003c3.5.0","source":"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/currency/DRUPAL-CONTRIB-2025-110.json"}}],"schema_version":"1.7.5","credits":[{"name":"Juraj Nemec (poker10)","contact":["https://www.drupal.org/u/poker10"]}]}