How severe is CVE-2019-13930?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2019-13930?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2019-13930 - HIGH Severity | CVSS 8.1

Vulnerability Description

A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.

Related Vulnerabilities

CVE-2015-9455

HIGH

CVSS:8.1(High)

The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.

CWE-3522015

CVE-2017-1000504

HIGH

CVSS:8.1(High)

A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after ...

CWE-3522017

CVE-2017-8099

HIGH

CVSS:8.1(High)

There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request.

CWE-3522017

CVE-2017-9963

HIGH

CVSS:8.1(High)

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 ...

CWE-3522017

CVE-2018-1000414

HIGH

CVSS:8.1(High)

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing con...

CWE-3522018

CVE-2018-1000417

HIGH

CVSS:8.1(High)

A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates.

CWE-3522018