donaldtrump website Cross-site request forgery (CSRF)

CVE: CVE-2021-12345
Category: CWE-352
Price: $500
Severity: Critical
Author: John Doe
Risk: High
Exploitation Type: Remote
Date: 2020-06-02
CVSS: CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS: 0.02192
EPSSP: 0.50148


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020060009

Below is a copy:

# Exploit Title: Cross-site request forgery > donaldjtrump.com
# Discovery by: Elsfa7-110
# Date: 2020-06-02
URL: https://www.donaldjtrump.com/contact/

Issue detail:
The application suffers from multiple CSRF and XSS vulnerabilities. The application
allows users to perform certain actions via HTTP requests without performing any validity
checks to verify the requests. This can be exploited to perform certain actions with
administrative privileges if a logged-in user visits a malicious web site. Input passed
to several GET/POST parameters is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session
in context of an affected site.

Vulnerability classifications:
https://cwe.mitre.org/data/definitions/352.html
