Description
A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01
Scores
CVSS v3
8.8
EPSS
0.0049
EPSS Percentile
38.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (2)
meteocontrol/weblog
(4 CPE variants)
n/a/Meteocontrol WEB'log
Meteocontrol WEB'log
Published
Mar 21, 2017
Tracked Since
Feb 18, 2026