Описание
An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint.
Ссылки
- Release NotesVendor Advisory
- Permissions Required
- Release NotesVendor Advisory
- Permissions Required
Уязвимые конфигурации
Конфигурация 1Версия до 8.5.6 (исключая)
cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 32%
0.00125
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint.
EPSS
Процентиль: 32%
0.00125
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352