Описание
Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components.
Ссылки
- Third Party Advisory
- Product
- Third Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:wger:workout_manager:2.2.0:a3:*:*:*:android:*:*
EPSS
Процентиль: 56%
0.00337
Низкий
8.8 High
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
больше 2 лет назад
wger Workout Manager Cross-Site Request Forgery vulnerability
EPSS
Процентиль: 56%
0.00337
Низкий
8.8 High
CVSS3
Дефекты
CWE-352