Cross site request forgery (csrf)

2012-08-2516:55:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.1%

JSON

M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.

CPENameOperatorVersion
m-linkeq15.1
m-linkeq14.6

CPE	Name	Operator	Version
	m-link	eq	15.1
	m-link	eq	14.6

References

isode.com/company/wordpress/xmpp-server-dialback/

xmpp.org/resources/security-notices/server-dialback/