CVE-2019-13056

HIGH

CyberPanel < 1.8.4 - Cross-Site Request Forgery on User Edit Page

Title source: llm
STIX 2.1

Description

An issue was discovered in CyberPanel through 1.8.4. On the user edit page, an attacker can edit the administrator's e-mail and password because of the lack of CSRF protection.

References (2)

Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://cyberpanel.net/category/news/

Scores

CVSS v3 8.8
EPSS 0.0084
EPSS Percentile 53.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
cyberpanel/cyberpanel < 1.8.4
Published Jul 02, 2019
Tracked Since Feb 18, 2026