Cross-Site Request Forgery (CSRF) Vulnerability in OpenSIS Classic Community Edition version 9.0

Cross-Site Request Forgery (CSRF) Vulnerability in OpenSIS Classic Community Edition version 9.0

CVE-2023-38885 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request.

Learn more about our User Device Pen Test.