NVD

Id
35888  
Name
CVE-2014-9101  
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks or possibly have other unspecified impact via the (1) label parameter to admin/users/roles/, (2) lang[1][base][questions_account_type_5615100a931845eca8da20cfdf7327e0] in an AddAccountType action or (3) qst_name parameter in an addQuestion action to admin/questions/ajax-responder/, or (4) form_name or (5) restrictedUsername parameter to admin/restricted-usernames.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-11-26  
Modified Date
2015-02-18  
Seq
2014-9101  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
183727 35888 CVE-2014-9101 http://packetstormsecurity.com/files/127652/Oxwall-1.7.0-Cross-Site-Request-Forgery-Cross-Site-Scripting.html  View
183728 35888 CVE-2014-9101 http://packetstormsecurity.com/files/127690/SkaDate-Lite-2.0-CSRF-Cross-Site-Scripting.html  View
183729 35888 CVE-2014-9101 34190  View
183730 35888 CVE-2014-9101 68971  View
183731 35888 CVE-2014-9101 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5195.php  View
183732 35888 CVE-2014-9101 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5197.php  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16813 JVNDB-2014-005688 Oxwall および SkaDate Lite におけるクロスサイトリクエストフォージェリの脆弱性 Oxwall および SkaDate Lite には、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2014-9101 76394 CVE-2014-9101 35888 6.8 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-005688.html 2014-07-28 2014-12-01 View