CSRF Vulnerability in SearchBlox 8.6.6 UserServlet

CVE-2018-11538 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.

Learn more about our User Device Pen Test.