vendor:
FeedSmith
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Request Forgery (CSRF)
352
CWE
Product Name: FeedSmith
Affected Version From: 2.2
Affected Version To: 2.2
Patch Exists: NO
Related CWE:
CPE: a:feedburner:feedsmith:2.2
Platforms Tested:
Unknown
Cross-Site Request Forgery in FeedBurner FeedSmith
The FeedBurner FeedSmith plugin is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to use a victim's currently active session to perform actions with the application. The vulnerability can be exploited by sending a malicious request to the affected application.
Mitigation:
To mitigate this vulnerability, it is recommended to update to the latest version of the FeedBurner FeedSmith plugin or remove the plugin if it is not necessary.