CVE-2021-39198— OroCrm 跨站请求伪造漏洞

The disqualify lead action may be executed without CSRF token check

OroCRM is an open source Client Relationship Management (CRM) application. Affected versions we found to suffer from a vulnerability which could an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L

跨站请求伪造(CSRF)

OroCrm 跨站请求伪造漏洞

OroCrm是美国Oro公司的一个开源客户关系管理 (Crm) 应用程序。用于跨多个渠道创建客户的 360° 视图、组织销售渠道、管理帐户和联系信息、与客户沟通、运行营销活动和跟踪活动绩效。 OroCRM存在安全漏洞，攻击者可利用该漏洞执行跨站点请求伪造（CSRF）攻击。

N/A

N/A