exploitDog

GHSA-v888-xcc4-jmr2

Опубликовано: 11 мар. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 8

Описание

tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request.

tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request.

Ссылки

EPSS

Процентиль: 18%

0.00056

Низкий

8 High

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2025-27910

CVSS3: 8

nvd

11 месяцев назад

tianti v2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /user/ajax/upd/status. This vulnerability allows attackers to execute arbitrary operations via a crafted GET or POST request.

EPSS

Процентиль: 18%

0.00056

Низкий

8 High

CVSS3

CVE ID

Дефекты

CWE-352