How severe is CVE-2021-32730?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2021-32730?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2021-32730 - MEDIUM Severity | CVSS 5.7

Vulnerability Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions prior to 12.10.5, and in versions 13.0 through 13.1. It's possible for forge an URL that, when accessed by an admin, will reset the password of any user in XWiki. The problem has been patched in XWiki 12.10.5 and 13.2RC1. As a workaround, it is possible to apply the patch manually by modifying the `register_macros.vm` template.

Related Vulnerabilities

CVE-2016-4315

MEDIUM

CVSS:5.7(Medium)

Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action ...

CWE-3522016

CVE-2017-14956

MEDIUM

CVSS:5.7(Medium)

AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local do...

CWE-3522017

CVE-2017-5528

MEDIUM

CVSS:5.7(Medium)

Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of thi...

CWE-3522017

CVE-2019-14680

MEDIUM

CVSS:5.7(Medium)

The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF.

CWE-3522019

CVE-2019-14683

MEDIUM

CVSS:5.7(Medium)

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.

CWE-3522019

CVE-2019-7730

MEDIUM

CVSS:5.7(Medium)

MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI.

CWE-3522019