Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.
oryginał ENCVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:NFreenas
APPFreenas0.69.1≤ 0.69.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje
Powiązane podatności
CVE-2014-5334CRITICAL9.8ten sam produkt
FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by lev...
CVE-2009-2739MEDIUM4.3ten sam produkt
Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary ...