In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With some crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XGroupsession
APPGroupsession< 5.3.0< 5.3.2< 5.3.3
Powiązane podatności
Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver5.1.1 and ...
Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession...
Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSessi...
Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession ...
Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession b...