Chialab & Channelweb: >> Bedita Security Vulnerabilities
Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create categories via a data array to news/saveCategories or (2) modify credentials via a data array to admin/saveUser.
CVSS Score
6.8
EPSS Score
0.003
Published
2015-01-03
Cross-site scripting (XSS) vulnerability in controllers/home_controller.php in BEdita before 3.1 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter to news/index.
CVSS Score
4.3
EPSS Score
0.002
Published
2015-01-03