3 matches found
CVE-2021-45886
An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user such as operator can be used to confirm actions of higher-privileged ones such...
CVE-2021-45886
creationtimestamp| type| source ---|---|--- 2022-03-13 07:16:35+00:00| seen| https://t.me/cibsecurity/38842...
CVE-2021-45886
CVE-2021-45886 concerns PONTON X/P Messenger before 3.11.2. The flaw is that anti-CSRF tokens are globally valid, creating a weakened CSRF condition where an arbitrary token from a low-privilege user (e.g., operator) can be used to confirm actions of a higher-privilege user (e.g., xpadmin). The p...