Lucene search

[email protected]NVD:CVE-2015-6966

HistorySep 16, 2015 - 2:59 p.m.

CVE-2015-6966

2015-09-1614:59:07

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

High

EPSS

0.003

Percentile

70.3%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a new_simple action to admin.php or (2) conduct cross-site scripting (XSS) attacks via the content parameter in a new_simple action to admin.php.

Affected configurations

Nvd

Node

nibbleblognibbleblogRange≤4.0.4

VendorProductVersionCPE
nibbleblognibbleblog*cpe:2.3:a:nibbleblog:nibbleblog:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nibbleblog	nibbleblog	*	cpe:2.3:a:nibbleblog:nibbleblog::::::::

References

blog.curesec.com/article/blog/NibbleBlog-403-CSRF-46.html

blog.nibbleblog.com/post/nibbleblog-v4-0-5/

seclists.org/fulldisclosure/2015/Sep/4

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

High

EPSS

0.003

Percentile

70.3%

JSON

Related for NVD:CVE-2015-6966

cvelist1 prion1 cve1