Описание
Cross-site request forgery (CSRF) vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password_ and rpassword_ parameters, possibly related to timestamp values.
Ссылки
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:xcms:xcms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00313
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
почти 4 года назад
Cross-site request forgery (CSRF) vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password_ and rpassword_ parameters, possibly related to timestamp values.
EPSS
Процентиль: 54%
0.00313
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-352