How severe is CVE-2024-4328?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4 out of 10.

What type of vulnerability is CVE-2024-4328?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2024-4328 - MEDIUM Severity | CVSS 4

Vulnerability Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the clear_personality_files_list function of the parisneo/lollms-webui v9.6. The vulnerability arises from the use of a GET request to clear personality files list, which lacks proper CSRF protection. This flaw allows attackers to trick users into performing actions without their consent, such as deleting important files on the system. The issue is present in the application's handling of requests, making it susceptible to CSRF attacks that could lead to unauthorized actions being performed on behalf of the user.

Related Vulnerabilities

CVE-2022-22348

MEDIUM

CVSS:4.0(Medium)

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administra...

CWE-3522022

CVE-2024-9689

MEDIUM

CVSS:4.1(Medium)

The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack

CWE-3522024

CVE-2024-41811

LOW

CVSS:3.9(Low)

ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected pr...

CWE-3522024

CVE-2022-41925

LOW

CVSS:3.8(Low)

A vulnerability identified in the Tailscale client allows a malicious website to access the peer API, which can then be used to access Tailscale environment variables. In the Tailscale client, the pee...

CWE-3522022

CVE-2024-31205

MEDIUM

CVSS:4.2(Medium)

Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery (CSRF) val...

CWE-3522024

CVE-2024-35039

LOW

CVSS:3.8(Low)

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.

CWE-3522024