Vulnerability Details : CVE-2004-2403
Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2004-2403
- cpe:2.3:a:yabb:yabb:2000-09-01:*:*:*:*:*:*:*
- cpe:2.3:a:yabb:yabb:2000-09-11:*:*:*:*:*:*:*
- cpe:2.3:a:yabb:yabb:1.40:*:*:*:*:*:*:*
- cpe:2.3:a:yabb:yabb:1.41:*:*:*:*:*:*:*
- cpe:2.3:a:yabb:yabb:1_gold_-_sp_1:*:*:*:*:*:*:*
- cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3:*:*:*:*:*:*:*
- cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.2:*:*:*:*:*:*:*
- cpe:2.3:a:yabb:yabb:1_gold_-_sp_1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:yabb:yabb:1_gold_release:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-2403
1.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-2403
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2004-2403
Jump to