Cross site request forgery (csrf)

2012-02-1400:55:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.8%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site scripting (XSS) sequences via the (1) address or (2) threadid parameters to operator/ban.php; or (3) geolinkparams, (4) title, or (5) chattitle parameters to operator/settings.php.

CPENameOperatorVersion
mibew_messengereq1.4.2
mibew_messengereq1.6.2
mibew_messengereq1.6.1
mibew_messengereq1.0.6
mibew_messengereq1.5.2
mibew_messengereq1.0.10
mibew_messengerle1.6.4
mibew_messengereq1.0.8
mibew_messengereq1.5.0
mibew_messengereq1.4.0

Name	Operator	Version
mibew_messenger	eq	1.4.2
mibew_messenger	eq	1.6.2
mibew_messenger	eq	1.6.1
mibew_messenger	eq	1.0.6
mibew_messenger	eq	1.5.2
mibew_messenger	eq	1.0.10
mibew_messenger	le	1.6.4
mibew_messenger	eq	1.0.8
mibew_messenger	eq	1.5.0
mibew_messenger	eq	1.4.0

Rows per page:

1-10 of 161

References

archives.neohapsis.com/archives/bugtraq/2012-01/0178.html

secunia.com/advisories/47787

www.codseq.it/advisories/mibew_messenger_multiple_xss

www.openwall.com/lists/oss-security/2012/02/02/10

www.securityfocus.com/bid/51723

exchange.xforce.ibmcloud.com/vulnerabilities/72822