exploitDog

CVE-2020-24983

Опубликовано: 11 мар. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and perform the authenticated request (to change the Dashboard name) as if the victim had done so themselves, aka CSRF.

Ссылки

https://c41nc.co.uk/cve-2020-24983/
Exploit
Third Party Advisory
https://c41nc.co.uk/cve-2020-24983/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:quadbase:espressreports_es:7:update_9:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00403

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-mfjv-v3p5-r7fc

github

больше 3 лет назад

An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and perform the authenticated request (to change the Dashboard name) as if the victim had done so themselves, aka CSRF.

EPSS

Процентиль: 60%

0.00403

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352