Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in user/user-set.do in Pacific Timesheet 6.74 build 363 allows remote attackers to hijack the authentication of administrators for requests that create a new administrator via a new_admin action.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pacifictimesheet | Pacific Timesheet | 6.74 |
Related Weaknesses (CWE)
References
- http://cross-site-scripting.blogspot.com/2010/05/pacific-timesheet-674-cross-sitVendor Advisory
- http://osvdb.org/64924
- http://secunia.com/advisories/39951Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58934
- http://cross-site-scripting.blogspot.com/2010/05/pacific-timesheet-674-cross-sitVendor Advisory
- http://osvdb.org/64924
- http://secunia.com/advisories/39951Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58934
FAQ
What is CVE-2010-2111?
CVE-2010-2111 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in user/user-set.do in Pacific Timesheet 6.74 build 363 allows remote attackers to hijack the authentication of administrators for requests that create ...
How severe is CVE-2010-2111?
CVE-2010-2111 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2111?
Check the references section above for vendor advisories and patch information. Affected products include: Pacifictimesheet Pacific Timesheet.