2024-11-19
This vulnerability report details a Cross-Site Request Forgery (CSRF) flaw in GentleSource Appointmind that can be leveraged for Stored XSS attacks. All versions prior to 4.0.0 are susceptible.
Vulnerability:
Platform: GentleSource Appointmind
Version: All versions before 4.0.0
Vulnerability: Cross-Site Request Forgery (CSRF) leading to Stored XSS
Severity: High (based on CVE details)
Date: November 14, 2024 (NVD Published Date)
What Undercode Says:
This CSRF vulnerability in GentleSource Appointmind allows attackers to inject malicious scripts that execute within a victim’s browser upon visiting a compromised webpage. Upgrading to Appointmind version 4.0.0 or later is crucial to mitigate this risk.
Additional Notes:
NVD (National Vulnerability Database) assigned the identifier CVE-2024-51679 to this vulnerability.
No further details on exploitability or specific mitigation steps were found within the provided information.
References:
Reported By: Nvd.nist.gov