CVE-2016-15009 LOW

CVE-2016-15009: OpenACS bug-tracker Search nav-bar.adp cross-site request forgery

Vendor Openacs

Product bug-tracker

Weakness CWE-352 · CSRF

Published January 5, 2023

Last update November 25, 2024

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is aee43e5714cd8b697355ec3bf83eefee176d3fc3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217440.

Key dates

02Disclosure timeline

January 5, 2023 CVE published

November 25, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2016-15009 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-31385 WordPress Site Table of Contents plugin <= 0.3 - CSRF to Stored XSS vulnerability CVE-2025-0393 Royal Elementor Addons and Templates <= 1.7.1006 - Cross-Site Request Forgery to Reflected Cross-Site Scripting CVE-2025-57902 WordPress RIS Version Switcher – Downgrade or Upgrade WP Versions Easily Plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability CVE-2022-2233 Banner Cycler <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting CVE-2024-51489 Insufficient Message Token Validation in Ampache