2 matches found
CVE-2019-7281
Prima Systems FlexAir, Versions 2.3.38 and prior. An unauthenticated user can send unverified HTTP requests, which may allow the attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website...
CVE-2019-7281
CVE-2019-7281 affects Prima Systems FlexAir (versions 2.3.38 and earlier). The vulnerability is CSRF: an unauthenticated user can cause unverified HTTP requests that may let an attacker perform actions with administrative privileges when a logged-in user visits a malicious site. The ICSA advisory...