Description

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.

Remediation

References

CVE-2023-28335

Related Vulnerabilities

WordPress Plugin User Activity Log Multiple Cross-Site Scripting Vulnerabilities (1.4.6)

ownCloud Other Vulnerability (CVE-2013-2089)

WordPress Plugin WP Fastest Cache SQL Injection (0.8.7.4)

Apache Tomcat Off-by-one Error Vulnerability (CVE-2023-28709)

Django Resource Management Errors Vulnerability (CVE-2015-5963)

Severity

High

Classification

CVE-2023-28335 CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities