CVE-2025-25772

MEDIUM Year: 2025
CVSS v3 Score
5.1
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

A Cross-Site Request Forgery (CSRF) in the component /back/UserController.java of Jspxcms v9.0 to v9.5 allows attackers to arbitrarily add Administrator accounts via a crafted request.

Related Vulnerabilities

CVE-2019-3876

MEDIUM
CVSS:5.0(Medium)

A flaw was found in the /oauth/token/request custom endpoint of the OpenShift OAuth server allowing for XSS generation of CLI tokens due to missing X-Frame-Options and CSRF protections. If not otherwi...

CWE-3522019

CVE-2021-44321

MEDIUM
CVSS:5.0(Medium)

Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the applicatio...

CWE-3522021

CVE-2022-22479

MEDIUM
CVSS:5.0(Medium)

IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a use...

CWE-3522022

CVE-2024-43787

MEDIUM
CVSS:5.0(Medium)

Hono is a Web application framework that provides support for any JavaScript runtime. Hono CSRF middleware can be bypassed using crafted Content-Type header. MIME types are case insensitive, but isReq...

CWE-3522024

CVE-2024-4529

MEDIUM
CVSS:5.0(Medium)

The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting card categories...

CWE-3522024

CVE-2018-21096

MEDIUM
CVSS:5.2(Medium)

Certain NETGEAR devices are affected by CSRF. This affects WAC120 before 2.1.7, WAC505 before 5.0.5.4, WAC510 before 5.0.5.4, WNAP320 before 3.7.11.4, WNAP210v2 before 3.7.11.4, WNDAP350 before 3.7.11...

CWE-3522018