Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2) conduct cross-site scripting (XSS) attacks via the maintenance_text parameter to admin/pages/maintenance.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2015-11-02T19:00:00
Updated: 2024-08-06T06:50:02.658Z
Reserved: 2015-07-16T00:00:00
Link: CVE-2015-5534
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-11-02T19:59:13.187
Modified: 2024-11-21T02:33:13.350
Link: CVE-2015-5534
Redhat
No data.