exploitDog

GHSA-p98q-wg7p-cp6v

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8

Описание

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Ссылки

EPSS

Процентиль: 28%

0.00102

Низкий

8 High

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2016-2863

CVSS3: 8

nvd

больше 9 лет назад

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

EPSS

Процентиль: 28%

0.00102

Низкий

8 High

CVSS3

CVE ID

Дефекты

CWE-352