CVE-2012-3343

medium

Published 2012-06-09 · Modified 2026-04-29

CVSS v3

—

CVSS v2

6.8

VIR risk

6.8

Description

Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different vulnerability than CVE-2012-2564.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions	Fixed
bloxx	web_filtering	`{"endIncluding":"5.0.13"}`

References

http://www.kb.cert.org/vuls/id/722963
http://www.kb.cert.org/vuls/id/MAPG-8R9LBY
http://www.kb.cert.org/vuls/id/722963
http://www.kb.cert.org/vuls/id/MAPG-8R9LBY

CWEs

CWE-352

Verify integrity in audit chain (admin only). AS-IS.