CVE-2014-3854

Pyplate - CSRF

Title source: rule

Description

Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the title parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Henri Salo · htmlwebappspython

https://www.exploit-db.com/exploits/39199

View Code ZIP pw:eip

References (2)

[Exploit] http://www.openwall.com/lists/oss-security/2014/05/14/3

[Mailing List] http://www.openwall.com/lists/oss-security/2014/05/23/1

Scores

EPSS 0.0036

EPSS Percentile 58.2%

Details

CWE

CWE-352

Status published

Products (1)

pyplate/pyplate 0.08

Published Aug 07, 2014

Tracked Since Feb 18, 2026