Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user (such as operator) can be used to confirm actions of higher-privileged ones (such as xpadmin).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PONTON X/P Messenger 跨站请求伪造漏洞
Vulnerability Description
PONTON X/P Messenger是德国PONTON公司的一种高度可配置的 ebXML、AS/1、AS /2、AS/3 和 AS/4 兼容的消息传递软件。 PONTON X/P Messenger 3.11.2 之前存在安全漏洞。该漏洞允许低权限用户(如操作员)的任意令牌用于确认高权限用户(如 xpadmin)的操作。
CVSS Information
N/A
Vulnerability Type
N/A