exploitDog

CVE-2012-3343

Опубликовано: 09 июн. 2012

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different vulnerability than CVE-2012-2564.

Ссылки

http://www.kb.cert.org/vuls/id/722963
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8R9LBY
http://www.kb.cert.org/vuls/id/722963
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8R9LBY

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bloxx:web_filtering:*:*:*:*:*:*:*:*

Версия до 5.0.13 (включая)

EPSS

Процентиль: 24%

0.00083

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-f8rc-mg6q-9jvx

github

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different vulnerability than CVE-2012-2564.

EPSS

Процентиль: 24%

0.00083

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352