Lucene search

MitreCVE-2023-42188

HistoryOct 27, 2023 - 12:15 a.m.

CVE-2023-42188

2023-10-2700:15:09

CWE-352

mitre

web.nvd.nist.gov

icecms

v2.0.1

csrf vulnerability

cross site request forgery

cve-2023-42188

nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

17.8%

JSON

IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF).

Affected configurations

Nvd

Node

macwkicecmsMatch2.0.1

VendorProductVersionCPE
macwkicecms2.0.1cpe:2.3:a:macwk:icecms:2.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
macwk	icecms	2.0.1	cpe:2.3:a:macwk:icecms:2.0.1:::::::*

References

github.com/Thecosy/IceCMS/issues/17

topdayplus.github.io/2023/10/27/CVE-deatail/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

17.8%

JSON

Related for CVE-2023-42188