memos cross-site request forgery | CVE-2022-4848

DESCRIPTION

memos is vulnerable to cross-site request forgery, caused by improper verification of the source of a communication channel. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to change users’ passwords or other information. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVSS 3.0 Information

Privileges Required: None
User Interaction: None
Scope: Unchanged
Access Vector: Network

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon using the button below

To keep up to date follow us on the below channels.

Click Above for Telegram

Click Above for Discord

Click Above for Reddit

Click Above For LinkedIn
NAME

memos cross-site request forgery
- Platforms Affected:
- Risk Level:
  8.6
- Exploitability:
  Proof of Concept
- Consequences:
  Gain Access
DESCRIPTION

memos is vulnerable to cross-site request forgery, caused by improper verification of the source of a communication channel. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to change users’ passwords or other information. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
  
  A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
  
  If you like the site, please support us on Patreon using the button below
  
  To keep up to date follow us on the below channels.
  
  Click Above for Telegram
  
  Click Above for Discord
  
  Click Above for Reddit
  
  Click Above For LinkedIn
  
  Continue Reading
  
  Previous Qualcomm BIOS buffer overflow | CVE-2022-40516
  Next Froxlor security bypass | CVE-2022-4868

memos cross-site request forgery | CVE-2022-4848

DESCRIPTION

NAME

DESCRIPTION

CISA: Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

CISA: JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments

DESCRIPTION

NAME

DESCRIPTION

You may have missed

CISA: Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation

CISA: JCDC’s Industry-Government Collaboration Speeds Mitigation of CrowdStrike IT Outage

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments