cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-26296,https://securityvulnerability.io/vulnerability/CVE-2021-26296,Cross-Site Request Forgery (CSRF) vulnerability in Apache MyFaces,"In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.",Apache,Apache Myfaces Core,7.5,HIGH,0.0049299998208880424,false,,false,false,false,,,false,false,,2021-02-19T08:30:14.000Z,0