CVE-2018-11538

servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of…

mitre·CWE-352·Published 2018-06-01

CVSS

—

EPSS

0.13

KEV

Exploits

cve.orgen

155 chars

servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.

NVDen

155 chars

servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.

NVDes

194 chars

servlet/UserServlet en SearchBlox 8.6.6 tiene Cross-Site Request Forgery (CSRF) mediante los parámetros u_name, u_passwd1, u_passwd2, role y X-XSRF-TOKEN POST debido a la omisión de tokens CSRF.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.0	Primary	NVD	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H