Cross-site Request Forgery (CSRF) in Webjaxe
Advisory ID: | HTB22927 |
Product: | Webjaxe |
Vendor: | Webjaxe |
Vulnerable Versions: | 1.02 and probably prior |
Tested Version: | 1.02 |
Advisory Publication: | March 29, 2011 [without technical details] |
Vendor Notification: | March 29, 2011 |
Public Disclosure: | April 12, 2011 |
Vulnerability Type: | Cross-Site Request Forgery [CWE-352] |
CVE Reference: | CVE-2011-1721 |
Risk Level: | Medium |
CVSSv2 Base Score: | 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) |
Solution Status: | Fixed by Vendor |
Discovered and Provided: | High-Tech Bridge Security Research Lab |
Advisory Details: | |
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Webjaxe which could be exploited to perform cross-site request forgery attacks. | |
Solution: | |
Upgrade to Webjaxe 1.4 | |
References: | |
[1] High-Tech Bridge Advisory HTB22927 - https://www.immuniweb.com/advisory/HTB22927 - Cross-site Request Forgery (CSRF) in Webjaxe [2] Webjaxe - http://media4.obspm.fr/outils/webjaxe/en/ - WebJaxe is a free CMS, to create websites with a web user interface. [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. | |
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.