exploitDog

GHSA-ggpw-5qfx-mxxj

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.

A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.

Ссылки

EPSS

Процентиль: 29%

0.00103

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2016-4504

CVSS3: 8.8

nvd

почти 9 лет назад

A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.

EPSS

Процентиль: 29%

0.00103

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-352