exploitDog

GHSA-g2vc-w9mc-h6ch

Опубликовано: 25 апр. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.

In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.

Ссылки

EPSS

Процентиль: 7%

0.00027

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2025-46547

CVSS3: 5.4

nvd

10 месяцев назад

In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.

EPSS

Процентиль: 7%

0.00027

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-352