CVE-2016-4504

HIGH

Meteocontrol WEB'log - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generated per page or per function.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-133-01

Scores

CVSS v3 8.8
EPSS 0.0049
EPSS Percentile 38.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (2)
meteocontrol/weblog (4 CPE variants)
n/a/Meteocontrol WEB'log Meteocontrol WEB'log
Published Mar 21, 2017
Tracked Since Feb 18, 2026