CVE-2021-37366

{"id": "CVE-2021-37366", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-08-10T17:15:10.730", "references": [{"url": "https://gist.github.com/securylight/092ba96a660e07ad76f2a380c2eaa75a", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gitlab.com/marsat/CTparental/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/securylight/092ba96a660e07ad76f2a380c2eaa75a", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://gitlab.com/marsat/CTparental/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users."}, {"lang": "es", "value": "CTparental versiones anteriores a 4.45.03, es vulnerable a un ataque de tipo cross-site request forgery (CSRF) en el panel de administraci\u00f3n de CTparental. Al combinar un ataque de tipo CSRF con uno de tipo XSS, un atacante puede enga\u00f1ar al administrador para que haga clic en un enlace que cancele el filtrado para todos los usuarios est\u00e1ndar"}], "lastModified": "2024-11-21T06:15:01.150", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ctparental_project:ctparental:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "310B3E76-B036-45D5-B5B8-FC1A9DC134C6", "versionEndExcluding": "4.45.03"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}