CVE-2019-20077

The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this vulnerability.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
typesettercmstypesetter
5.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://fatihhcelik.blogspot.com/2019/12/typesetter-cms-51-logout-csrf_30.html
https://fatihhcelik.blogspot.com/2019/12/typesetter-cms-51-logout-csrf_30.html