漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Magneto-lts vulnerable to Cross-Site Request Forgery
Vulnerability Description
Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and user submits new password. This issue is patched in versions 19.4.22 and 20.0.19. There are no workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
OpenMage Magento Lts 跨站请求伪造漏洞
Vulnerability Description
OpenMage Magento Lts(Magento)是OpenMage组织的一个电子商务系统。 Magneto LTS 19.4.22之前版本、20.0.19之前版本存在跨站请求伪造漏洞,该漏洞源于在单击重置密码链接和用户提交新密码之间,密码重置表单容易受到跨站点请求伪造攻击。
CVSS Information
N/A
Vulnerability Type
N/A