CVE Published: 16/01/2024 |
CVE Updated: 01/08/2024 |
CVE Year: 2024 Source: INCIBE |
Vendor: Full Compass Systems |
Product: WIC1200 Status : PUBLISHED
CVE-2024-0555 Description
A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in. This vulnerability is possible due to the lack of propper CSRF token implementation.
Metrics
CVSS Version: 3.1 |
Base Score: 4.6 MEDIUM Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L