Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2) conduct cross-site scripting (XSS) attacks via the maintenance_text parameter to admin/pages/maintenance.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-11-02T19:00:00

Updated: 2024-08-06T06:50:02.658Z

Reserved: 2015-07-16T00:00:00

Link: CVE-2015-5534

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-11-02T19:59:13.187

Modified: 2024-11-21T02:33:13.350

Link: CVE-2015-5534

cve-icon Redhat

No data.