Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script.
Remediation
References
Related Vulnerabilities
Django Other Vulnerability (CVE-2015-3982)
MediaWiki CVE-2023-29139 Vulnerability (CVE-2023-29139)
Squid NULL Pointer Dereference Vulnerability (CVE-2023-46728)
WordPress Plugin Integration for HubSpot and WooCommerce Cross-Site Scripting (1.0.4)
WordPress Plugin Contact Form DB-Elementor Cross-Site Request Forgery (1.5)