exploitDog

CVE-2025-46547

Опубликовано: 25 апр. 2025

Источник: nvd

CVSS3: 5.4

CVSS3: 6.1

EPSS Низкий

Описание

In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.

Ссылки

https://deiteriy.com
Not Applicable
https://gist.github.com/ArtemBrylev/9af206c46d7505db03ad6fcd9fc46f7f
Third Party Advisory
https://sherparpa.com
Product
https://twitter.com/ArtyomBrylev
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sherparpa:sherpa_orchestrator:141851:*:*:*:*:*:*:*

EPSS

Процентиль: 7%

0.00027

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-g2vc-w9mc-h6ch

CVSS3: 5.4

github

10 месяцев назад

In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.

EPSS

Процентиль: 7%

0.00027

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-352