exploitDog

GHSA-q28j-qr7m-gpf6

Опубликовано: 09 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 6.9

Описание

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users.

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users.

Ссылки

EPSS

Процентиль: 7%

0.00027

Низкий

6.9 Medium

CVSS4

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2021-47723

nvd

2 месяца назад

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users.

EPSS

Процентиль: 7%

0.00027

Низкий

6.9 Medium

CVSS4

CVE ID

Дефекты

CWE-352