Skip to main content

Monorail

3 CVEs product

Monthly

CVE-2018-19335 MEDIUM POC PATCH This Month

Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Google CSRF Monorail
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2018-19334 MEDIUM POC PATCH This Month

Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Google CSRF Monorail
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2018-10099 MEDIUM POC PATCH This Month

Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Google CSRF Monorail
NVD
CVSS 3.0
5.3
EPSS
0.3%
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Google CSRF Monorail
NVD
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Google CSRF Monorail
NVD
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Google CSRF Monorail
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy