Description
Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field.
Remediation
References