Lucene search

[email protected]NVD:CVE-2021-33396

HistoryFeb 15, 2023 - 10:15 p.m.

CVE-2021-33396

2023-02-1522:15:11

CWE-352

[email protected]

web.nvd.nist.gov

cve-2021-33396

cross site request forgery

baijiacms

index.php

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

27.0%

JSON

Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php.

Affected configurations

Nvd

Node

baijiacms_projectbaijiacmsMatch4.1.4

VendorProductVersionCPE
baijiacms_projectbaijiacms4.1.4cpe:2.3:a:baijiacms_project:baijiacms:4.1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
baijiacms_project	baijiacms	4.1.4	cpe:2.3:a:baijiacms_project:baijiacms:4.1.4:::::::*

References

github.com/baijiacms/baijiacmsV4/issues/7

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

27.0%

JSON

Related for NVD:CVE-2021-33396

osv1 cvelist1 cve2 prion1 nvd1