Vulnerability Description
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Magnolia-Cms | Magnolia Cms | < 6.2.4 |
Related Weaknesses (CWE)
References
- https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-MagnolRelease NotesVendor Advisory
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46366-CSRF%2BOExploitThird Party Advisory
- https://docs.magnolia-cms.com/product-docs/6.2/Releases/Release-notes-for-MagnolRelease NotesVendor Advisory
- https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2021-46366-CSRF%2BOExploitThird Party Advisory
FAQ
What is CVE-2021-46366?
CVE-2021-46366 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate...
How severe is CVE-2021-46366?
CVE-2021-46366 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-46366?
Check the references section above for vendor advisories and patch information. Affected products include: Magnolia-Cms Magnolia Cms.