Overview
- Description: Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page.
- Source: cve@mitre.org
- NVD status: Modified
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 6.8
- Impact score: 6.4
- Exploitability score: 8.6
- Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-352
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xavoc:xepan_cms:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9914E19A-AA03-472C-A220-19ECA8B34339",
            "versionEndIncluding": "1.0.1"
          },
          {
            "criteria": "cpe:2.3:a:xavoc:xepan_cms:1.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3727D106-ACAA-4FB0-A30F-CD663710F2D6"
          },
          {
            "criteria": "cpe:2.3:a:xavoc:xepan_cms:1.0.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37772EEE-163C-4185-9933-7DCCB2C3D6E4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]