Skip to main content

Passwordstate CVE-2023-43295

LOW
Cross-Site Request Forgery (CSRF) (CWE-352)
2023-10-31 cve@mitre.org
3.5
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.5 LOW
AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 31, 2023 - 21:15 nvd
LOW 3.5

DescriptionNVD

Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request.

AnalysisAI

Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request. Affected products include: Clickstudios Passwordstate.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2022-3875 HIGH POC
7.5 Dec 19

A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chro

CVE-2020-26061 HIGH POC
7.5 Oct 05

ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerabili

CVE-2022-4613 MEDIUM POC
6.5 Dec 19

A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as cr

CVE-2022-4612 MEDIUM POC
6.5 Dec 19

A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified

CVE-2022-3876 MEDIUM POC
6.5 Dec 19

A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Br

CVE-2022-25570 MEDIUM POC
6.5 Mar 21

In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional pass

CVE-2022-4610 MEDIUM POC
5.5 Dec 19

A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Br

CVE-2022-3877 MEDIUM POC
5.4 Dec 19

A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser

CVE-2022-4611 MEDIUM POC
5.3 Dec 19

A vulnerability, which was classified as problematic, was found in Click Studios Passwordstate and Passwordstate Browser

CVE-2020-27747 MEDIUM
6.8 Oct 29

An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a

CVE-2018-14776 MEDIUM
5.4 Aug 01

Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document. Rated

CVE-2023-47801 MEDIUM
4.7 Nov 13

An issue was discovered in Click Studios Passwordstate before 9811. Rated medium severity (CVSS 4.7), this vulnerability

Share

CVE-2023-43295 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy