Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website.
References
Link | Resource |
---|---|
https://blog.bssi.fr/multiple-vulnerabilities-within-epson-eps-tse-server-8/#vulnerability-3 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2020-12-16 13:15
Updated : 2020-12-17 07:32
NVD link : CVE-2020-28931
Mitre link : CVE-2020-28931
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
epson
- eps_tse_server_8
- eps_tse_server_8_firmware