Security Advisory

CVE-2021-29349

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-03-31 22:31:41

Last updated 2024-08-03 22:02:51

Assigner mitre

State PUBLISHED

Description

Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remove inbox-mail on the server. The application fails to validate the CSRF token for a POST request. An attacker can craft a module/multirecipientnotification/inbox.php pieform_delete_all_notifications request, which leads to removing all messages from a mailbox.

← Browse all CVEs View on cve.org ↗