Lucene search

K
cve[email protected]CVE-2015-2701
HistoryMar 25, 2015 - 2:59 p.m.

CVE-2015-2701

2015-03-2514:59:06
CWE-352
web.nvd.nist.gov
21
cs-cart
4.2.4
csrf vulnerability
authentication hijacking
password change

7.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.3%

Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 allows remote attackers to hijack the authentication of users for requests that change a user password via a request to profiles-update/.

Affected configurations

NVD
Node
cs-cartcs-cartMatch4.2.4
CPENameOperatorVersion
cs-cart:cs-cartcs-carteq4.2.4

7.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.3%

Related for CVE-2015-2701