Описание
Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/xenial | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| questing | DNE |
Показывать по
10
EPSS
Процентиль: 18%
0.00057
Низкий
7.5 High
CVSS3
Связанные уязвимости
CVSS3: 7.5
nvd
почти 2 года назад
Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.
CVSS3: 7.5
debian
почти 2 года назад
Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and befor ...
CVSS3: 7.5
github
почти 2 года назад
Dolibarr vulnerable to Cross-Site Request Forgery
EPSS
Процентиль: 18%
0.00057
Низкий
7.5 High
CVSS3