Open Notebook
Monthly
Cross-site request forgery (CSRF) in Open Notebook v1.8.1 enables remote attackers to manipulate or delete database entries through social engineering attacks. The vulnerability combines input validation flaws (CWE-20) with overly permissive default CORS settings, allowing malicious sites to send authenticated requests on behalf of legitimate users. Attackers craft malicious URLs that, when clicked by authenticated users, execute unauthorized database operations including data modification, deletion, and potential exfiltration depending on deployment configuration. No public exploit code or active exploitation confirmed at time of analysis.
Cross-site request forgery (CSRF) in Open Notebook v1.8.1 enables remote attackers to manipulate or delete database entries through social engineering attacks. The vulnerability combines input validation flaws (CWE-20) with overly permissive default CORS settings, allowing malicious sites to send authenticated requests on behalf of legitimate users. Attackers craft malicious URLs that, when clicked by authenticated users, execute unauthorized database operations including data modification, deletion, and potential exfiltration depending on deployment configuration. No public exploit code or active exploitation confirmed at time of analysis.