2 matches found
CVE-2022-23475
daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting XSS and cross site request forgery CSRF vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in...
CVE-2022-23475
CVE-2022-23475 affects daloRADIUS (versions 1.3 and prior). The issue is a combined XSS and CSRF vulnerability in the mng-del.php flow caused by an unescaped variable reflected in the DOM (line 116), enabling account takeover. The vulnerability has been addressed in commit ec3b4a419e; mitigation ...