CVE-2023-38885

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-38885
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38885.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-38885
Published
2023-11-20T19:15:08.820Z
Modified
2026-04-10T04:59:14.023280Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind of state changing request.

References

Affected packages

Git / github.com/os4ed/opensis-responsive-design

Affected ranges

Type
GIT
Repo
https://github.com/os4ed/opensis-responsive-design
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0d3e2d52912540d4edf87d5b8c005cd6b32ff313
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        }
    ]
}

Affected versions

V7.*
V7.5
V7.6
V8.*
V8.0
V9.*
V9.0
Ver7.*
Ver7.0Prod_update
Ver7.0beta1
v7.*
v7.1
v7.2
v7.3
ver7.*
ver7.1
ver7.4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38885.json"