Main Vulnerability Database Vulnerabilities #VU17861

Cross-site request forgery in FormCraft - CVE-2019-5920

Published: February 26, 2019 / Updated: July 26, 2019

Vulnerability identifier: #VU17861

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-5920

CWE-ID: CWE-352

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: nCrafts

Affected software:
FormCraft

Detailed vulnerability description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, such as generat new forms, insert JavaScript code to existing forms, and delete existing forms.

How to mitigate CVE-2019-5920

Install updates from vendor's website.

Sources

https://jvn.jp/en/jp/JVN83501605/index.html

Cross-site request forgery in FormCraft - CVE-2019-5920

Detailed vulnerability description

How to mitigate CVE-2019-5920

Sources

Please verify you're human