Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site scripting (XSS) sequences via the (1) address or (2) threadid parameters to operator/ban.php; or (3) geolinkparams, (4) title, or (5) chattitle parameters to operator/settings.php.
Remediation
References