Cross Site Request Forgery Vulnerability in ZenTao Biz by ZenTao
CVE-2023-46375

8.8HIGH

Key Information:

Vendor: Zentao
Status: Biz
Vendor: CVE Published:; 27 October 2023

What is CVE-2023-46375?

ZenTao Biz versions up to and including 4.1.3 are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. This flaw enables an attacker to trick authenticated users into making unwanted requests to the application, potentially compromising user accounts and allowing unauthorized actions within the ZenTao Biz platform.

References

https://narrow-payment-2cd.notion.site/zentao-4-1-3-is-vu...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2023
Vulnerability Reserved
Oct 23, 2023

JSON

Zentao

What is CVE-2023-46375?

References

CVSS V3.1

Timeline