OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-11-20T00:00:00
Updated: 2024-08-02T17:54:39.276Z
Reserved: 2023-07-25T00:00:00
Link: CVE-2023-38885
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-11-20T19:15:08.820
Modified: 2023-11-30T14:23:35.557
Link: CVE-2023-38885
Redhat
No data.