Cross-site request forgery in Joomla! - CVE-2017-9934
Published: July 4, 2017
Vulnerability identifier: #VU7317
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-9934
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Joomla!
Affected software:
Joomla!
Joomla!
Detailed vulnerability description
The vulnerability allows a remote attacker to perform CSRF attack.
The vulnerability exists due to missing CSRF token. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary HTML and JavaScript code in victim's browser in context of vulnerable website.
The vulnerability exists due to missing CSRF token. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary HTML and JavaScript code in victim's browser in context of vulnerable website.
How to mitigate CVE-2017-9934
Update to version 3.7.3.