Skip to main content

Note Taking App EUVD-2026-16803

| CVE-2026-4971 LOW
Cross-Site Request Forgery (CSRF) (CWE-352)
2026-03-27 VulDB
CSRF Note Taking App
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

6
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
5.3 (MEDIUM) 2.1 (LOW)
PoC Detected
Mar 30, 2026 - 13:26 vuln.today
Public exploit code
EUVD ID Assigned
Mar 27, 2026 - 19:30 euvd
EUVD-2026-16803
Analysis Generated
Mar 27, 2026 - 19:30 vuln.today
CVE Published
Mar 27, 2026 - 19:15 nvd
MEDIUM 5.3

DescriptionCVE.org

A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. If you want to get best quality of vulnerability data, you may have to visit VulDB.

AnalysisAI

Cross-site request forgery (CSRF) in SourceCodester Note Taking App up to version 1.0 allows remote attackers to perform unauthorized actions via crafted requests, exploiting lack of CSRF token validation. The vulnerability requires user interaction (clicking a malicious link) but carries no authentication barrier. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment The CVSS score of 4.3 reflects limited direct impact (integrity impact only, no confidentiality or availability loss), making this a low-to-moderate severity rating. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker sends a phishing email to users of SourceCodester Note Taking App containing a link to a malicious website. When a victim (already logged into the Note Taking App) visits the attacker's page, JavaScript or a hidden form automatically submits a request to the Note Taking App-for example, deleting all notes or changing account settings-using the victim's active session. …
Remediation Upgrade to a patched version of SourceCodester Note Taking App beyond 1.0 if available from the vendor. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 30 days: Identify affected systems running SourceCodester Note Taking App and apply vendor patches as part of regular patch cycle. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-16803 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy