:A vulnerability has been reported in the Userpoints module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks.The module allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to accept or decline points in moderation by e.g. tricking a moderator into visiting a malicious site.The vulnerability is reported in Userpoints for Drupal 4.7.x before version 4.7.x-2.3 and Userpoints for Drupal 5.x before version 5.x-3.3 or 5.x-2.16Solution:Apply updated versions.Userpoints 4.7.x-2.x users:Upgrade to Userpoints 4.7.x-2.3.Userpoints 5.x-2.x users:Update to Userpoints 5.x-2.16.Userpoints 5.x-3.x users:Upgrade to Userpoints 5.x-3.3.Provided and/or discovered by:Greg Knaddison (greggles), Drupal Security Team.Original Advisory:http://drupal.org/node/216023

Original post by manisha