EUVD-2018-11214

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

CSRF vulnerability in Systrome ISG devices due to missing CSRF token validation leads to XSS risk.

Reporter	Title	Published	Views	Family All 10
0day.today	SYSTORME ISG Cross Site Request Forgery Vulnerability	13 Feb 201900:00	–	zdt
ATTACKERKB	CVE-2018-19525	21 Mar 201916:00	–	attackerkb
Circl	CVE-2018-19525	13 Feb 201914:39	–	circl
CVE	CVE-2018-19525	17 Mar 201918:43	–	cve
Cvelist	CVE-2018-19525	17 Mar 201918:43	–	cvelist
NVD	CVE-2018-19525	21 Mar 201916:00	–	nvd
OSV	CVE-2018-19525	21 Mar 201916:00	–	osv
Packet Storm	SYSTORME ISG Cross Site Request Forgery	13 Feb 201900:00	–	packetstorm
Prion	Cross site request forgery (csrf)	21 Mar 201916:00	–	prion
RedhatCVE	CVE-2018-19525	9 Jan 202612:00	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "266f5609-e1d0-3a29-aa0b-9c8dc8939092",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "e0a385b2-f5e7-3259-851f-2724ea2fd529",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/cve/CVE-2018-19525
packetstormsecurity	www.packetstormsecurity.com/files/151647/SYSTORME-ISG-Cross-Site-Request-Forgery.html
seclists	www.seclists.org/fulldisclosure/2019/Feb/31
s3curityb3ast	www.s3curityb3ast.github.io/KSA-Dev-002.md
breakthesec	www.breakthesec.com/2019/02/cve-2018-19525-account-takeover-via.html
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6.2Medium risk

Vulners AI Score6.2

CVSS 36.1

CVSS 24.3

EPSS0.0042