Description
Cross-Site request forgery (CSRF) vulnerability in Sitemio Information Technologies Trade Ltd. Co. WISECP allows Cross Site Request Forgery.

This issue affects WISECP: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-20
Score: 8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is a CSRF flaw that enables a malicious web page to trick the target's browser into sending authenticated requests to the Sitemio WISECP system. An attacker with the ability to host a malicious site can trigger actions such as configuration changes, data modification or even privileged operations, depending on the victim's permissions. The flaw is classified as CWE‑352 and carries a CVSS score of 8, indicating high severity.

Affected Systems

The flaw affects all versions of Sitemio's WISECP up to and including version 20022026. The vendor has not yet released a patch and did not respond to early disclosure. The product is used by organizations that rely on WISECP for information management.

Risk and Exploitability

Because CSRF attacks rely on a victim's authenticated session, the attacker must persuade or trick a user into visiting a malicious site while logged into WISECP. The lack of an official patch makes the precise likelihood uncertain, but the high CVSS score signals a serious risk. The vulnerability is not listed in CISA KEV, so it is not known to have active public exploitation at this time. Nevertheless, the attack can be carried out by manipulating the victim's browser, especially if the system does not enforce a SameSite cookie policy or validate CSRF tokens.

Generated by OpenCVE AI on May 20, 2026 at 15:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Implement CSRF protection by adding synchronizer tokens to all state‑changing requests in WISECP.
  • Configure WISECP session cookies with the SameSite=Strict attribute so that browsers do not attach them to cross‑site requests.
  • Restrict privileged operations to only fully authenticated users and add multi‑factor authentication where possible.

Advisories

No advisories yet.

History

Wed, 20 May 2026 14:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 20 May 2026 13:15:00 +0000

Type | Values Removed | Values Added
Description | | Cross-Site request forgery (CSRF) vulnerability in Sitemio Information Technologies Trade Ltd. Co. WISECP allows Cross Site Request Forgery. This issue affects WISECP: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Title | | CSRF in Sitemio's WISECP
Weaknesses | | CWE-352
References | |
Metrics | | cvssV3_1 {'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-05-20T13:44:11.029Z

Reserved: 2025-10-20T11:52:02.751Z

Link: CVE-2025-11954

Vulnrichment

Updated: 2026-05-20T13:44:06.611Z

NVD

Status: Deferred

Published: 2026-05-20T13:16:14.153

Modified: 2026-05-20T14:04:18.950

Link: CVE-2025-11954

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T15:15:06Z