Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when visited.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.tenable.com/security/research/tra-2023-8 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: tenable
Published: 2023-02-28T00:00:00
Updated: 2024-08-02T12:09:43.379Z
Reserved: 2023-02-27T00:00:00
Link: CVE-2023-27295
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-02-28T17:15:11.547
Modified: 2023-03-04T04:02:33.297
Link: CVE-2023-27295
Redhat
No data.