NVD

Id
25290  
Name
CVE-2015-3624  
Description
Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action.  
Reject
 
CVSS Version
2  
CVSS Score
5.8  
Severity
Medium  
CVSS Base Score
5.8  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-06-09  
Modified Date
2016-12-05  
Seq
2015-3624  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
133827 25290 CVE-2015-3624 http://packetstormsecurity.com/files/132104/Ektron-CMS-9.10-SP1-Cross-Site-Request-Forgery.html  View
133828 25290 CVE-2015-3624 http://v00d00sec.com/2015/05/31/cve-2015-3624-csrf-and-xss-vulnerabilities-in-ektron-cms-9-10-sp1/  View
133829 25290 CVE-2015-3624 20150531 Ektron CMS 9.10 SP1 - CSRF Vulnerability  View
133830 25290 CVE-2015-3624 74937  View
133831 25290 CVE-2015-3624 37296  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
7717 JVNDB-2015-003037 Ektron Content Management System の Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx におけるクロスサイトリクエストフォージェリの脆弱性 Ektron Content Management System (CMS) の Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx には、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2015-3624 80849 CVE-2015-3624 25290 5.8 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-003037.html 2015-05-31 2015-06-12 View