Description

A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.

Remediation

References

CVE-2018-10899

Related Vulnerabilities

WordPress 5.6.x Multiple Vulnerabilities (5.6 - 5.6.12)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-27149)

WordPress Plugin NextGEN Gallery-WordPress Gallery 'Gallery Path' Field Cross-Site Scripting (1.9.5)

WordPress Plugin 404 SEO Redirection Cross-Site Scripting (1.3)

WordPress Plugin Listing, Classified Ads & Business Directory-uListing Arbitrary File Upload (1.2.1)

Severity

High

Classification

CVE-2018-10899 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities