CSRF 1
Presentation
A CSRF injection is possible in eonweb, the injection parameter is url. An authentificated user can access to a website from eoweb and/or can prompted someone to acces to this potential evil website. This is mostly similar as pishing. It is important to remind that at no time the supervision’s server is used as a proxy. For all those reasons, this exploit isn’t considered as a signficant threat.
Exploit
We have no knowledge of an exploit today.
Impacted Version(s)
EON 5.3 (All versions)
Fixed Version(s)
Not fixed.
Fix
Not fixed.