exploitDog

CVE-2025-28355

Опубликовано: 18 апр. 2025

Источник: nvd

CVSS3: 4.7

EPSS Низкий

Описание

Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none

Ссылки

https://github.com/Volmarg/personal-management-system
Product
https://github.com/Volmarg/personal-management-system/issues/149
Issue Tracking
https://github.com/abbisQQ/CVE-2025-28355/tree/main
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:personal-management-system:personal_management_system:1.4.65:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00065

Низкий

4.7 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-cf79-3x47-jx24

CVSS3: 4.7

github

10 месяцев назад

Volmarg Personal Management System 1.4.65 is vulnerable to Cross Site Request Forgery (CSRF) allowing attackers to execute arbitrary code and obtain sensitive information via the SameSite cookie attribute defaults value set to none

EPSS

Процентиль: 20%

0.00065

Низкий

4.7 Medium

CVSS3

Дефекты

CWE-352