AI Score: 7.8 High (Confidence: Low)

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.016 Low (Percentile: 87.2%)

Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.
packetstormsecurity.com/files/125735
seclists.org/fulldisclosure/2014/Mar/270
seclists.org/fulldisclosure/2014/May/68
www.revive-adserver.com/security/revive-sa-2014-001/
www.securityfocus.com/archive/1/532108/100/0/threaded
www.securityfocus.com/bid/66251
exchange.xforce.ibmcloud.com/vulnerabilities/91889