How severe is CVE-2019-15062?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2019-15062?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2019-15062 - HIGH Severity | CVSS 8

Vulnerability Description

An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element (containing a user/card.php CSRF request) in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. (The protection mechanism for CSRF is to check the Referer header; however, because the attack is from one of the application's own settings pages, this mechanism is bypassed.)

Related Vulnerabilities

CVE-2014-100005

HIGH

CVSS:8.0(High)

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for req...

CWE-3522014

CVE-2015-2142

HIGH

CVSS:8.0(High)

Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause...

CWE-3522015

CVE-2015-4630

HIGH

CVSS:8.0(High)

Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack th...

CWE-3522015

CVE-2015-7284

HIGH

CVSS:8.0(High)

Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users.

CWE-3522015

CVE-2015-7925

HIGH

CVSS:8.0(High)

Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware u...

CWE-3522015

CVE-2015-8152

HIGH

CVSS:8.0(High)

Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for ...

CWE-3522015