Description
Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different vulnerability than CVE-2012-2564.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/MAPG-8R9LBY
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/722963
Scores
EPSS
0.0060
EPSS Percentile
44.6%
Details
CWE
CWE-352
Status
published
Products (1)
bloxx/web_filtering
< 5.0.13
Published
Jun 09, 2012
Tracked Since
Feb 18, 2026