Vendor: razor
By: ppb
CVSS: 8.8 (HIGH)
CWE: 352 (Cross Site Request Forgery)
Product Name: razor
Affected Version From: 0.72
Affected Version To: 0.72
Patch Exists: YES
Related CWE: CVE-2018-7746
CPE: a:cobub:razor:0.72
Platforms Tested:
2018
Cobub Razor 0.7.2 Cross Site Request Forgery
Authentication is not required for /index.php?/manage/channel/modifychannel. For example, a crafted channel name submitted to that endpoint triggers stored XSS when an admin later requests /index.php?/manage/channel.
Mitigation:
Implement proper authentication and authorization mechanisms. Validate and sanitize user inputs to prevent XSS attacks.