exploitDog

CVE-2023-40172

Опубликовано: 18 авг. 2023

Источник: nvd

CVSS3: 6.5

CVSS3: 8.8

EPSS Низкий

Описание

Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do. This can be done by sending the victim a malicious link or by exploiting a vulnerability in the website. Prior to version 1.0.5 Social media skeleton did not properly restrict CSRF attacks. This has been addressed in version 1.0.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fobybus:social-media-skeleton:*:*:*:*:*:*:*:*

Версия до 1.0.5 (исключая)

EPSS

Процентиль: 17%

0.00055

Низкий

6.5 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-352

EPSS

Процентиль: 17%

0.00055

Низкий

6.5 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-352