How severe is CVE-2024-4403?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2024-4403?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2024-4403 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protection in the affected function.

Related Vulnerabilities

CVE-2024-39326

MEDIUM

CVSS:4.4(Medium)

SkillTree is a micro-learning gamification platform. Prior to version 2.12.6, the endpoint `/admin/projects/{projectname}/skills/{skillname}/video` (and probably others) is open to a cross-site reques...

CWE-3522024

CVE-2024-4839

MEDIUM

CVSS:4.4(Medium)

A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic searc...

CWE-3522024

CVE-2024-6673

MEDIUM

CVSS:4.4(Medium)

A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The end...

CWE-3522024

CVE-2017-8382

MEDIUM

CVSS:4.5(Medium)

admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.

CWE-3522017

CVE-2020-20586

MEDIUM

CVSS:4.5(Medium)

A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and pass...

CWE-3522020

CVE-2020-36191

MEDIUM

CVSS:4.5(Medium)

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).

CWE-3522020