cisagov / vulnrichment

A repo to conduct vulnerability enrichment.
Creative Commons Zero v1.0 Universal

CVE-2024-36670 CWE-79 assigned by CISA ADP is incorrect #116

Closed Crashedmind closed 2 weeks ago

Crashedmind commented 2 weeks ago

🐛 Summary

The assigned CWE-79: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" by CISA-ADP does not address the root cause weakness.

https://github.com/cisagov/vulnrichment/blob/b2f8b79bb744955ca3c1dc6eb61c4be01f53901f/2024/36xxx/CVE-2024-36670.json#L118

More appropriate: CWE-352: Cross-Site Request Forgery (CSRF)

CWE Assignment Report

Original Vulnerability Description

CVE ID: CVE-2024-36670

Description: idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del.

Extracted Key Phrases

| WEAKNESS | PRODUCT | COMPONENT | VERSION | ATTACKER | IMPACT | VECTOR | ROOTCAUSE |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Cross-Site Request Forgery (CSRF) | idccms | admin/vpsClass_deal.php?mudi=del | v1.35 | Unauthorized user | Potential unauthorized actions | Web request | Lack of proper CSRF token validation |

Chain

The vulnerability in idccms v1.35 is rooted in the lack of proper CSRF token validation. This weakness allows an unauthorized user to exploit the Cross-Site Request Forgery (CSRF) vulnerability via the component admin/vpsClass_deal.php?mudi=del, potentially leading to unauthorized actions being performed.

Assigned CWEs

| CWE ID | CWE Name | CWE Description | CWE Abstraction Level | CWE Vulnerability Mapping Label | CWE Vulnerability Mapping Notes |
| --- | --- | --- | --- | --- | --- |
| CWE-352 | Cross-Site Request Forgery (CSRF) | The web application does not, or incorrectly, neutralizes the effects of a forged request by checking for an unpredictable token and thus allows CSRF attacks. | Composite | ALLOWED | This vulnerability allows attackers to execute actions on behalf of authenticated users. |

Similar CVEs from Observed Examples

| CWE ID | CVE-ID | CVE-Description |
| --- | --- | --- |
| NVD-CWE-Other | CVE-2002-1648 | Cross-Site Request Forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters. |
| CWE-352 | CVE-2002-2426 | Cross-Site Request Forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information. |
| CWE-352 | CVE-2004-1967 | Cross-Site Request Forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link. |
| CWE-352 | CVE-2004-1842 | Cross-Site Request Forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. |
| CWE-352 | CVE-2004-1995 | Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm. |
| NVD-CWE-Other | CVE-2004-2364 | Cross-Site Request Forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php. |
| NVD-CWE-Other | CVE-2004-2403 | Cross-Site Request Forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters. |
| NVD-CWE-Other | CVE-2005-0535 | Cross-Site Request Forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users. |
| CWE-352 | CVE-2005-1674 | Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php. |
| CWE-352 | CVE-2005-1947 | Cross-Site Request Forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions. |

Similar CVEs from Top 25 CWE Mappings

| CWE ID | CVE-ID | CVE Description |
| --- | --- | --- |
| CWE-352 | CVE-2021-24410 | The ?????? WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and do not sanitize or escape them when outputting them back in the page. This could allow attackers to make a logged-in admin change the settings, as well as add malicious verses containing JavaScript code in them, leading to Stored XSS issues. |
| CWE-352 | CVE-2022-0439 | The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajax_fetch_report_list action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protection in place for the action, allowing an attacker to trick any logged-in user to perform the action by clicking a link. |
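The root cause named in the report above is the absence of CSRF token validation on a state-changing admin action, which is what separates CWE-352 from CWE-79 (no user-controlled data is rendered back into a page). The following is an added illustration, not code from idccms or from this repository: it models a delete handler once without and once with a synchronizer-token check. The handler names, the in-memory table and the request/session dictionaries are all constructed for the example.

```python
import hmac
import secrets

# Constructed stand-in for the CMS's VPS class table (not idccms data).
VPS_CLASSES = {1: "basic", 2: "premium"}


def issue_csrf_token(session: dict) -> str:
    """Bind an unpredictable per-session token that only the genuine admin page receives."""
    token = secrets.token_hex(32)
    session["csrf_token"] = token
    return token


def delete_class_unprotected(session: dict, params: dict, table: dict) -> bool:
    """CWE-352 pattern: authorization rests on the session cookie alone, so any
    request the browser sends with that cookie attached performs the deletion."""
    if not session.get("is_admin"):
        return False
    cid = int(params.get("id", 0))
    return table.pop(cid, None) is not None


def delete_class_protected(session: dict, params: dict, table: dict) -> bool:
    """Hardened form: the request must also prove it came from the real admin
    page by carrying the session-bound token; missing or wrong tokens are rejected."""
    if not session.get("is_admin"):
        return False
    expected = session.get("csrf_token")
    supplied = params.get("csrf_token", "")
    # Constant-time comparison; a missing session token also fails closed.
    if not expected or not hmac.compare_digest(expected, supplied):
        return False
    cid = int(params.get("id", 0))
    return table.pop(cid, None) is not None


def demo() -> dict:
    """Exercise both handlers with a request lacking the token and a genuine one."""
    admin = {"is_admin": True}
    no_token = {"mudi": "del", "id": "1"}  # request shape without a CSRF token
    results = {}
    table = dict(VPS_CLASSES)
    results["unprotected_without_token"] = delete_class_unprotected(admin, no_token, table)
    table = dict(VPS_CLASSES)
    results["protected_without_token"] = delete_class_protected(admin, no_token, table)
    genuine = {"mudi": "del", "id": "1", "csrf_token": issue_csrf_token(admin)}
    results["protected_with_token"] = delete_class_protected(admin, genuine, table)
    return results
```

Mapping-wise, the fix changes only the request validation step; nothing about output encoding is involved, which is why the report's CWE-352 assignment fits and CWE-79 does not.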