How severe is CVE-2024-2822?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2024-2822?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2024-2822 - MEDIUM Severity | CVSS 6.1

Vulnerability Description

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/vote_edit.php. The manipulation of the argument aid leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2016-10865

MEDIUM

CVSS:6.1(Medium)

The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS.

CWE-3522016

CVE-2016-11084

MEDIUM

CVSS:6.1(Medium)

An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.

CWE-3522016

CVE-2016-6158

MEDIUM

CVSS:6.1(Medium)

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrators...

CWE-3522016

CVE-2016-6642

MEDIUM

CVSS:6.1(Medium)

Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files.

CWE-3522016

CVE-2018-0444

MEDIUM

CVSS:6.1(Medium)

A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the i...

CWE-3522018

CVE-2018-1432

MEDIUM

CVSS:6.1(Medium)

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML...

CWE-3522018