List:       oss-security
Subject:    [oss-security] CVE Request: CSRF in Realms Wiki
From:       Javantea <jvoss () altsci ! com>
Date:       2015-03-30 1:47:57
Message-ID: 20150330014757.7099C13859E () mail ! altsci ! com

Hello,

Realms Wiki is vulnerable to Cross-Site Request Forgery on all posts. Especially of concern are
New, Edit, and Revert. This is unpatched but the author has responded that he intends to fix
the bugs when he has the time. At the same time I found a remote code execution vulnerability
which I will be asking for a separate CVE for.

Product:  Realms Wiki
Website:  http://realms.io/
Github:   https://github.com/scragg0x/realms-wiki
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:C/A:N)

References:
[1] http://seclists.org/fulldisclosure/2015/Mar/152
[2] https://twitter.com/scragg0x/status/581602868802682881

Could you allocate a CVE id for this?

Thank you and Regards, Javantea.

