CVE-2018-0107 - AskarLabs CVE Database

CVE-2018-0107

Vendor N/A

Product Cisco Prime Service Catalog

Weakness CWE-352 · CSRF

Published January 18, 2018

Last update December 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCvg30313.

Key dates

02Disclosure timeline

January 18, 2018 CVE published

December 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-0107 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2024-31086 WordPress Change default login logo,url and title plugin <= 2.0 - CSRF to XSS vulnerability CVE-2024-53718 WordPress Multi Feed Reader plugin <= 2.2.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability CVE-2024-12642 Chunghwa Telecom TenderDocTransfer - Arbitrary File Write CVE-2025-64226 WordPress Stockie Extra plugin <= 1.2.11 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-11641 VikBooking Hotel Booking Engine & PMS <= 1.7.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload