exploitDog

CVE-2023-46699

Опубликовано: 26 дек. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention.

Ссылки

https://jvn.jp/en/jp/JVN18715935/
Third Party Advisory
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/
Vendor Advisory
https://jvn.jp/en/jp/JVN18715935/
Third Party Advisory
https://weseek.co.jp/ja/news/2023/11/21/growi-prevent-xss6/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:weseek:growi:*:*:*:*:*:*:*:*

Версия до 6.0.0 (исключая)

EPSS

Процентиль: 31%

0.00115

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-5q4h-2vw3-5vc3

CVSS3: 4.3

github

около 2 лет назад

Cross-site request forgery (CSRF) vulnerability exists in the User settings (/me) page of GROWI versions prior to v6.0.0. If a user views a malicious page while logging in, settings may be changed without the user's intention.

EPSS

Процентиль: 31%

0.00115

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352