Description

The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token.

Remediation

References

CVE-2015-7364

Related Vulnerabilities

Lodash Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-1010266)

IBM Lotus Domino web server Cross-Site Scripting vulnerabilities

MediaWiki CVE-2022-28204 Vulnerability (CVE-2022-28204)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4133)

WordPress Plugin WordPress Gallery Cross-Site Scripting (1.0)

Severity

Medium

Classification

CVE-2015-7364 CWE-352

Tags

Missing Update Known Vulnerabilities