Lucene search

[email protected]CVE-2015-2701

HistoryMar 25, 2015 - 2:59 p.m.

CVE-2015-2701

2015-03-2514:59:06

CWE-352

[email protected]

web.nvd.nist.gov

cs-cart

4.2.4

csrf vulnerability

authentication hijacking

password change

7.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.2%

JSON

Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/.

Affected configurations

NVD

Node

cs-cartcs-cartMatch4.2.4

CPENameOperatorVersion
cs-cart:cs-cartcs-carteq4.2.4

CPE	Name	Operator	Version
cs-cart:cs-cart	cs-cart	eq	4.2.4

References

osvdb.org/show/osvdb/119632

www.exploit-db.com/exploits/36358

www.securityfocus.com/bid/72658

7.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.2%

JSON

Related for CVE-2015-2701

prion1 cvelist1 nvd1