Lucene search

@huntrdevCVELIST:CVE-2023-1033

HistoryFeb 25, 2023 - 12:00 a.m.

CVE-2023-1033 Cross-Site Request Forgery (CSRF) in froxlor/froxlor

2023-02-2500:00:00

CWE-352

@huntrdev

www.cve.org

cve-2023-1033

cross-site request forgery

github

froxlor/froxlor

version 2.0.11

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

0.001 Low

EPSS

Percentile

34.5%

JSON

Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11.

CNA Affected

[
  {
    "vendor": "froxlor",
    "product": "froxlor/froxlor",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "2.0.11",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/froxlor/froxlor/commit/4003a8d2b60728a77476d1d4f5aa5c635f128950

huntr.dev/bounties/ba3cd929-8b60-4d8d-b77d-f28409ecf387