CVE-2024-56924

HIGH Year: 2024
CVSS v3 Score
7.3
High
Weakness Type
CWE-352
View all →

Vulnerability Description

A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information. This vulnerability occurs due to improper validation of user requests, which enables attackers to exploit the system by tricking the admin user into executing malicious scripts.

Related Vulnerabilities

CVE-2017-14362

HIGH
CVSS:7.3(High)

Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack.

CWE-3522017

CVE-2018-13800

HIGH
CVSS:7.3(High)

A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is...

CWE-3522018

CVE-2021-4017

HIGH
CVSS:7.3(High)

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

CWE-3522021

CVE-2022-43470

HIGH
CVSS:7.3(High)

Cross-site request forgery (CSRF) vulnerability in +F FS040U software versions v2.3.4 and earlier, +F FS020W software versions v4.0.0 and earlier, +F FS030W software versions v3.3.5 and earlier, and +...

CWE-3522022

CVE-2023-5036

HIGH
CVSS:7.3(High)

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.

CWE-3522023

CVE-2024-28731

HIGH
CVSS:7.3(High)

Cross Site Request Forgery vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via the Port forward...

CWE-3522024