CVE-2019-17432

2019-10-1012:15:09

Google

osv.dev

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.4%

JSON

An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter.

CPENameOperatorVersion
fastadmineq0.1.0.20170721_beta
fastadmineq1.0.0.20180406_beta
fastadmineq1.0.0.20180506_beta
fastadmineq1.0.0.20181210_beta
fastadmineq1.0.0.20190705_beta
fastadmineq1.0.0.20180308_beta
fastadmineq1.0.0.20180310_beta
fastadmineq1.0.0.20180618_beta
fastadmineq1.0.0.20190111_beta
fastadmineq1.0.0.20180204_beta

Name	Operator	Version
fastadmin	eq	0.1.0.20170721_beta
fastadmin	eq	1.0.0.20180406_beta
fastadmin	eq	1.0.0.20180506_beta
fastadmin	eq	1.0.0.20181210_beta
fastadmin	eq	1.0.0.20190705_beta
fastadmin	eq	1.0.0.20180308_beta
fastadmin	eq	1.0.0.20180310_beta
fastadmin	eq	1.0.0.20180618_beta
fastadmin	eq	1.0.0.20190111_beta
fastadmin	eq	1.0.0.20180204_beta