8.8
CVE-2022-36250
- EPSS 0.1%
- Veröffentlicht 30.05.2023 20:15:09
- Zuletzt bearbeitet 13.01.2025 21:15:09
- Quelle support@shopbeat.co.za
- CVE-Watchlists
- Unerledigt
LoginShop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Cross Site Request Forgery (CSRF).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Shopbeat ≫ Shop Beat Media Player HwPlatformarm Version >= 2.5.95 < 3.2.57
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.266 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.