CVE-2013-2628
idleman leed <1.4 - Cross-Site Request Forgery in action.php
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token.
References (3)
Core 3
Core References
Exploit mailing-list
x_refsource_bugtraq
http://seclists.org/bugtraq/2013/Dec/107
Exploit x_refsource_misc
http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101154
Scores
EPSS
0.0069
EPSS Percentile
48.4%
Details
CWE
CWE-352
Status
published
Products (1)
idleman/leed
< 1.4
Published
Dec 21, 2013
Tracked Since
Feb 18, 2026