Description
A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks. If you want the best quality vulnerability data, you may have to visit VulDB.
Published: 2026-03-27
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: Cross‑site request forgery
Action: Apply Patch
AI Analysis

Impact

SourceCodester Note Taking App versions up to 1.0 contain a vulnerability that allows an attacker to forge requests on behalf of a legitimate user. The weakness creates a remote cross‑site request forgery (CSRF) condition in an unknown function, enabling the attacker to execute unauthorized actions without the victim's knowledge. This can lead to unauthorized data alteration, deletion, or other privileged operations performed by the authenticated user, thereby compromising the application's confidentiality, integrity, and availability.

Affected Systems

The affected product is SourceCodester Note Taking App, with all releases up to version 1.0. No finer version granularity is provided beyond the stated maximum. The vendor is SourceCodester.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the EPSS score is not provided. The vulnerability is not listed in the CISA KEV catalog. The exploit is publicly available and can be performed remotely by any user with network access to the application. Attackers may craft a malicious web page or email that induces a victim to visit a URL or submit a form that triggers the vulnerable function, thereby bypassing authentication safeguards when a valid session cookie is automatically sent by the browser.

Generated by OpenCVE AI on March 27, 2026 at 20:23 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Confirm whether your deployment is running SourceCodester Note Taking App version 1.0 or earlier.
  • If a newer, patched version is available, upgrade the application to that release.
  • In the absence of an official patch, add anti‑CSRF tokens to all state‑changing requests and validate them on the server side.
  • Restrict sensitive operations to POST requests only and check for a valid CSRF token before execution.
  • Monitor access logs for repeated or anomalous POST requests originating from unauthenticated or foreign IP addresses.
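The synchronizer-token pattern the two middle bullets describe, as an added example written for this page (it is not code from the Note Taking App or from OpenCVE). The `session` dict stands in for whatever server-side session store the application uses, the `/delete_note` route and the `notes.example` origin are placeholders, and the Origin-header check is an extra defence-in-depth step beyond what the bullets list; all three are assumptions of the example, not facts from the page.

```python
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Added example: synchronizer-token CSRF protection for a state-changing
# endpoint. The session dict is an assumed stand-in for the app's real
# server-side session store; the route and origin below are placeholders.

TOKEN_KEY = "csrf_token"
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session: Dict[str, str]) -> str:
    """Return the session's CSRF token, minting a random one on first use.

    The token lives only in the server-side session and in pages rendered
    for that session, so a page on another site that makes the browser send
    the session cookie still has no way to learn the token.
    """
    token = session.get(TOKEN_KEY)
    if token is None:
        token = secrets.token_urlsafe(32)
        session[TOKEN_KEY] = token
    return token


def render_delete_form(session: Dict[str, str], note_id: int) -> str:
    """Embed the token as a hidden field in the form that deletes a note.

    The action path is a placeholder; the real app's routes are not on the page.
    """
    token = issue_csrf_token(session)
    return (
        '<form method="POST" action="/delete_note">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        f'<input type="hidden" name="id" value="{note_id}">'
        '<button type="submit">Delete</button></form>'
    )


def check_state_changing_request(session: Dict[str, str], method: str,
                                 form: Dict[str, str], origin: Optional[str],
                                 allowed_origin: str) -> Tuple[bool, str]:
    """Decide whether a request may perform a state change; returns (allowed, reason).

    Checks, in order:
      1. only POST-style methods may change state, so a plain link or image
         fetch (GET) can never trigger the action;
      2. when the browser sends an Origin header it must match this site
         (defence in depth, an assumption of this example);
      3. the submitted token must equal the session token, compared in
         constant time so the comparison itself leaks nothing.
    """
    if method.upper() not in STATE_CHANGING_METHODS:
        return False, "state change attempted over a non-POST method"
    if origin is not None and origin != allowed_origin:
        return False, "cross-origin request refused"
    expected = session.get(TOKEN_KEY)
    supplied = form.get("csrf_token")
    if not expected or not supplied:
        return False, "missing CSRF token"
    if not hmac.compare_digest(expected, supplied):
        return False, "CSRF token mismatch"
    return True, "ok"


def demo() -> List[Tuple[bool, str]]:
    """Constructed scenarios: one legitimate submission and three that must fail."""
    site = "https://notes.example"          # placeholder origin
    session: Dict[str, str] = {"user_id": "7"}  # constructed logged-in session
    render_delete_form(session, 42)         # the legitimate page load issues the token
    good = {"csrf_token": session[TOKEN_KEY], "id": "42"}
    return [
        # legitimate form submission from the site's own page
        check_state_changing_request(session, "POST", good, site, site),
        # submission from another origin that carries the cookie but no token
        check_state_changing_request(session, "POST", {"id": "42"},
                                     "https://other.example", site),
        # submission with a wrong token and no Origin header
        check_state_changing_request(session, "POST",
                                     {"csrf_token": "wrong", "id": "42"}, None, site),
        # a GET carrying even a valid token must not change state
        check_state_changing_request(session, "GET", good, None, site),
    ]


if __name__ == "__main__":
    for allowed, reason in demo():
        print("allowed" if allowed else "refused", "-", reason)
```

The token is random per session rather than derived from the session id, so rotating it on login or logout is a one-line change; the only requirement on the rest of the application is that every state-changing handler calls `check_state_changing_request` before acting.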


Tracking


Advisories

No advisories yet.

History

Fri, 27 Mar 2026 19:30:00 +0000

Type: Description
  Values removed: (none listed)
  Values added: A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Type: Title
  Values removed: (none listed)
  Values added: SourceCodester Note Taking App cross-site request forgery

Type: Weaknesses
  Values removed: (none listed)
  Values added: CWE-352, CWE-862

Type: References
  Values removed: (none listed)
  Values added: (none listed)

Type: Metrics
  Values removed: (none listed)
  Values added:
    cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}
    cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
    cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
    cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-27T19:15:19.715Z

Reserved: 2026-03-27T08:52:57.705Z

Link: CVE-2026-4971

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-03-27T20:16:37.780

Modified: 2026-03-27T20:16:37.780

Link: CVE-2026-4971

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T20:27:38Z

Weaknesses