exploitDog

GHSA-3qj8-w38x-qmxh

Опубликовано: 01 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions.

Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions.

Ссылки

EPSS

Процентиль: 76%

0.00974

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2005-1947

CVSS3: 4.3

nvd

больше 20 лет назад

Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions.

EPSS

Процентиль: 76%

0.00974

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352