CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-38885

OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.4%

CVSS Severity

CVSS v3 Score 8.8

References

https://github.com/OS4ED/openSIS-Classic
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38885
https://www.os4ed.com/
https://github.com/OS4ED/openSIS-Classic
https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38885
https://www.os4ed.com/

Products affected by CVE-2023-38885

Os4ed » Opensis » Version: 9.0

cpe:2.3:a:os4ed:opensis:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-38885

Products

Pricing

Contact Us