exploitDog

CVE-2023-38885

Опубликовано: 20 нояб. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request.

Ссылки

https://github.com/OS4ED/openSIS-Classic
Release Notes
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38885
Vendor Advisory
https://www.os4ed.com/
Product
https://github.com/OS4ED/openSIS-Classic
Release Notes
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38885
Vendor Advisory
https://www.os4ed.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*

EPSS

Процентиль: 50%

0.00273

Низкий

8.8 High

CVSS3

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-3v76-qg7g-rx9c

CVSS3: 8.8

github

около 2 лет назад

OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request.

EPSS

Процентиль: 50%

0.00273

Низкий

8.8 High

CVSS3

Дефекты

CWE-352

CWE-352