Description

Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destructive controller actions, a different vulnerability than CVE-2010-5087.

Remediation

References

CVE-2010-5088

Related Vulnerabilities

WordPress Plugin Mail Queue Cross-Site Scripting (1.1)

WordPress Plugin ELEX WooCommerce Google Shopping (Google Product Feed) Cross-Site Scripting (1.2.3)

WordPress Plugin UserPro-Community and User Profile Security Bypass (4.9.17)

Oracle Application Server CVE-2008-2614 Vulnerability (CVE-2008-2614)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14748)

Severity

Medium

Classification

CVE-2010-5088 CWE-352

Tags

Missing Update Known Vulnerabilities