exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2019-15062

больше 6 лет назад

An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.)

CVSS3: 8

EPSS: Низкий

CVE-2019-15062

больше 6 лет назад

An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.)

CVSS3: 8

EPSS: Низкий

CVE-2019-15062

больше 6 лет назад

An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an ...

CVSS3: 8

EPSS: Низкий

GHSA-4qq9-qg7j-fcm9

больше 3 лет назад

Dolibarr Cross-Site Request Forgery (CSRF)

CVSS3: 8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2019-15062 An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.)	CVSS3: 8	0% Низкий	больше 6 лет назад
CVE-2019-15062 An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.)	CVSS3: 8	0% Низкий	больше 6 лет назад
CVE-2019-15062 An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an ...	CVSS3: 8	0% Низкий	больше 6 лет назад
GHSA-4qq9-qg7j-fcm9 Dolibarr Cross-Site Request Forgery (CSRF)	CVSS3: 8	0% Низкий	больше 3 лет назад

Уязвимостей на страницу