Lucene search
PRIOn knowledge basePRION:CVE-2018-6824HistoryFeb 07, 2018 - 5:29 p.m.
Cross site request forgery (csrf)
2018-02-0717:29:00
PRIOn knowledge base
www.prio-n.com
3
Cozy version 2 has XSS allowing remote attackers to obtain administrative access via JavaScript code in the url parameter to the /api/proxy URI, as demonstrated by an XMLHttpRequest call with an βemail:β[emailΒ protected]ββ request, which can be followed by a password reset.
Related
cve
cve
CVE-2018-6824
2018-02-07 17:29:01
cvelist
cvelist
CVE-2018-6824
2018-02-07 17:00:00
nvd
nvd
CVE-2018-6824
2018-02-07 17:29:01
veracode
veracode
Remote Code Execution (RCE)
2018-12-12 03:59:24