Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from critical flaw of Cross Site Request forgery: using a forged HTTP request, a malicious user can lead a user to unknowingly create / delete or modify a user account due to the lack of an anti-CSRF token.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Typesetter 跨站请求伪造漏洞
Vulnerability Description
Typesetter是一套免费的CMS(内容管理系统)。 Typesetter 5.1版本中的User Permissions页面(又名Admin/Users)存在跨站请求伪造漏洞,该漏洞源于缺少anti-CSRF令牌。远程攻击者可通过发送伪造的HTTP请求利用该漏洞创建/删除或更改用户账户。
CVSS Information
N/A
Vulnerability Type
N/A