Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and previous versions allows remote malicious users to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xavoc xepan cms 1.0.4 |
||
xavoc xepan cms |
||
xavoc xepan cms 1.0.4.1 |