Lucene search
MitreCVELIST:CVE-2023-34927HistoryJun 22, 2023 - 12:00 a.m.
CVE-2023-34927
2023-06-2200:00:00
mitre
www.cve.org
casdoor
csrf
vulnerability
endpoint
set-password
attackers
password
0.021 Low
EPSS
Percentile
89.2%
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user’s password via supplying a crafted URL.
Related
osv
osv
CVE-2023-34927
2023-06-22 13:15:10
Casdoor Cross-Site Request Forgery vulnerability
2023-06-22 15:30:23
github
github
Casdoor Cross-Site Request Forgery vulnerability
2023-06-22 15:30:23
prion
prion
Cross site request forgery (csrf)
2023-06-22 13:15:00
cve
cve
CVE-2023-34927
2023-06-22 13:15:10
veracode
veracode
Cross-Site Request Forgery (CSRF)
2023-07-04 10:11:53
Cross-Site Request Forgery (CSRF)
2023-06-23 11:13:23
nvd
nvd
CVE-2023-34927
2023-06-22 13:15:10
exploitdb
exploitdb
Casdoor < v1.331.0 - '/api/set-password' CSRF
2024-04-02 00:00:00