Lucene search

GitHub Advisory DatabaseGHSA-3X3W-VCJX-7796

HistoryJun 08, 2022 - 12:00 a.m.

Cross-Site Request Forgery in easyii CMS

2022-06-0800:00:41

CWE-352

GitHub Advisory Database

github.com

vulnerability

easyii cms

cross-site request forgery

/admin/sign/out

remote attack

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

40.8%

JSON

A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Affected configurations

Vulners

Node

noumoeasyiiRange≤0.9

VendorProductVersionCPE
noumoeasyii*cpe:2.3:a:noumo:easyii:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
noumo	easyii	*	cpe:2.3:a:noumo:easyii::::::::

References

github.com/advisories/GHSA-3x3w-vcjx-7796

github.com/noumo/easyii/issues/222

nvd.nist.gov/vuln/detail/CVE-2020-36534

vuldb.com/?id.160278

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

40.8%

JSON

Related for GHSA-3X3W-VCJX-7796