PT-2021-11451 · Mydbr · Mydbr
Published
2021-03-15
·
Updated
2021-03-24
·
CVE-2020-28149
CVSS v3.1
9.6
Critical
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
myDBR version 5.8.3/4262
Description:
The issue allows for Cross Site Scripting (XSS) with the impact of executing arbitrary code remotely. The component affected is the CSRF Token, and the attack vector involves CSRF token injection to achieve XSS.
Recommendations:
For myDBR version 5.8.3/4262, consider disabling the CSRF Token component temporarily until a patch is available to prevent CSRF token injection and potential XSS attacks.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mydbr