exploitDog

GHSA-5q4h-2vw3-5vc3

Опубликовано: 26 дек. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention.

Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention.

Ссылки

EPSS

Процентиль: 31%

0.00115

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2023-46699

CVSS3: 4.3

nvd

около 2 лет назад

Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention.

EPSS

Процентиль: 31%

0.00115

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352