Unrated severityNVD Advisory· Published Jun 13, 2015· Updated Jun 17, 2026
CVE-2015-2954
CVE-2015-2954
Description
Cross-site request forgery (CSRF) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to hijack the authentication of arbitrary users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:igreks:milkystep_light:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:igreks:milkystep_light:*:*:*:*:*:*:*:*range: <=0.94
- (no CPE)range: <=0.94
cpe:2.3:a:igreks:milkystep_professional:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:igreks:milkystep_professional:*:*:*:*:*:*:*:*range: <=1.82
- (no CPE)range: <=1.82
- cpe:2.3:a:igreks:milkystep_professional_oem:*:*:*:*:*:*:*:*Range: <=1.82
Patches
Vulnerability mechanics
References
4- jvn.jp/en/jp/JVN12241436/index.htmlnvdVendor Advisory
- jvndb.jvn.jp/jvndb/JVNDB-2015-000079nvdVendor Advisory
- jvn.jp/en/jp/JVN12241436/995646/index.htmlnvd
- www.securityfocus.com/bid/75072nvd
News mentions
0No linked articles in our index yet.