8.8
CVE-2016-4504
- EPSS 0.1%
- Veröffentlicht 21.03.2017 16:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginA Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Meteocontrol ≫ Weblog Version- SwEditionbasic_100
Meteocontrol ≫ Weblog Version- SwEditionlight
Meteocontrol ≫ Weblog Version- SwEditionpro
Meteocontrol ≫ Weblog Version- SwEditionpro_unlimited
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.253 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.