Описание
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-47131
- https://blog.hackingforce.com.br/en/xss
- https://github.com/OpenXP-Research/CVE-2022-47131
- https://portswigger.net/web-security/csrf
- https://portswigger.net/web-security/csrf/xss-vs-csrf
- https://www.linkedin.com/in/xvinicius
- https://xpsec.co/blog/academy-lms-5-10-add-page-csrf-xss
Связанные уязвимости
CVSS3: 4.8
nvd
около 3 лет назад
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.