CVE-2008-3716
Harmoni < 1.6.0 - Cross-Site Request Forgery via Save or Delete Action
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6427
Product x_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=619864
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30706
Product x_refsource_confirm
http://sourceforge.net/tracker/index.php?func=detail&aid=2040513&group_id=82171&atid=1098812
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44483
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31503
Scores
EPSS
0.0056
EPSS Percentile
42.6%
Details
CWE
CWE-352
Status
published
Products (45)
harmoni/harmoni
0.0.2
harmoni/harmoni
0.0.3
harmoni/harmoni
0.0.4
harmoni/harmoni
0.0.5
harmoni/harmoni
0.1.0
harmoni/harmoni
0.2.0
harmoni/harmoni
0.3.0
harmoni/harmoni
0.3.1
harmoni/harmoni
0.3.2
harmoni/harmoni
0.5.1
... and 35 more
Published
Aug 19, 2008
Tracked Since
Feb 18, 2026