GentleSource Appointmind DC-2024-51679

2024-11-19

This vulnerability report details a Cross-Site Request Forgery (CSRF) flaw in GentleSource Appointmind that can be leveraged for Stored XSS attacks. All versions prior to 4.0.0 are susceptible.

Vulnerability:

Platform: GentleSource Appointmind
Version: All versions before 4.0.0
Vulnerability: Cross-Site Request Forgery (CSRF) leading to Stored XSS
Severity: High (based on CVE details)
Date: November 14, 2024 (NVD Published Date)

What Undercode Says:

This CSRF vulnerability in GentleSource Appointmind allows attackers to inject malicious scripts that execute in a victim's browser when the victim visits a compromised webpage. Upgrading to Appointmind version 4.0.0 or later is crucial to mitigate this risk.

Additional Notes:

NVD (National Vulnerability Database) assigned the identifier CVE-2024-51679 to this vulnerability.
No further details on exploitability or specific mitigation steps were found within the provided information.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
