Lucene search
Veracode Vulnerability DatabaseVERACODE:38346HistoryDec 06, 2022 - 2:27 a.m.
Cross-Site Request Forgery (CSRF)
2022-12-0602:27:24
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
cross-site request forgery
csrf
request.php
craftcms
password hash disclosure
0.002 Low
EPSS
Percentile
53.7%
craftcms/cms is vulnerable to cross-site request forgery. The vulnerability exists because the CRAFT_CSRF_TOKEN cookie in Request.php gets improperly encoded, allowing an attacker to disclose the password hash through the HTML hidden field.
| CPE | Name | Operator | Version |
|---|---|---|---|
| craftcms/cms | le | 3.7.32 | |
| craftcms/cms | le | 3.7.32 |
Related
prion
prion
Cross site request forgery (csrf)
2022-12-05 21:15:00
osv
osv
Craft CMS discloses password hashes
2022-12-05 21:30:41
CVE-2022-37783
2022-12-05 21:15:10
nvd
nvd
CVE-2022-37783
2022-12-05 21:15:10
cve
cve
CVE-2022-37783
2022-12-05 21:15:10
github
github
Craft CMS discloses password hashes
2022-12-05 21:30:41
cvelist
cvelist
CVE-2022-37783
2022-12-05 00:00:00