CVE-2013-5954

25.04.2014, 14:15

Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.

CSRF

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	6.8 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Vendor	Product	Version
revive-adserver	revive_adserver	𝑥 ≤ 3.0.4
openx	openx	𝑥 ≤ 2.8.11
openx	openx	2.8
openx	openx	2.8.1
openx	openx	2.8.2
openx	openx	2.8.3
openx	openx	2.8.4
openx	openx	2.8.5
openx	openx	2.8.6
openx	openx	2.8.7
openx	openx	2.8.8
openx	openx	2.8.9
openx	openx	2.8.10