Описание
A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.
Ссылки
- Not ApplicableVendor Advisory
- Not ApplicableVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.11.3 (исключая)
cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06531
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 6.5
ubuntu
больше 3 лет назад
A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.
CVSS3: 6.5
debian
больше 3 лет назад
A carefully crafted request on UserPreferences.jsp could trigger an CS ...
CVSS3: 6.5
github
больше 3 лет назад
Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp
EPSS
Процентиль: 91%
0.06531
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-352