CVE: CVE-2005-2059

Export to Word

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00325
Percentile: 0.54885

CVSS Scoring

CVSS v3.1 Score: 6.5

Severity: MEDIUM

Mapped CWE(s)

CWE-352 : Cross-Site Request Forgery (CSRF)

All CAPEC(s)

CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)
CAPEC-462: Cross-Domain Search Timing
CAPEC-467: Cross Site Identification
CAPEC-62: Cross Site Request Forgery

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

cpe:2.3:a:ubbcentral:ubb.threads:*:*:*:*:*:*:*:*

← Back to Home