PT-2021-9091 · Scytl · Scytl Svote

Anthony Schneiter (+1)

Published: 2021-02-27 · Updated: 2021-03-05 · CVE-2019-25023

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Scytl sVote version 2.1

Description: An issue was discovered in Scytl sVote where the IP address from an X-Forwarded-For header, which can be manipulated client-side, is used for the internal application logs. This allows an attacker to inject wrong IP addresses into these logs.

Recommendations: For Scytl sVote version 2.1, consider validating the IP address from the X-Forwarded-For header to prevent manipulation, or use an alternative method for logging IP addresses that is not susceptible to client-side manipulation. As a temporary workaround, restrict access to the internal application logs to minimize the risk of exploitation.
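The following is an added example, not code from Scytl sVote or this advisory, showing the logging pattern the recommendation describes: the X-Forwarded-For chain is only honoured when the connecting peer is a known reverse proxy, and it is walked from the right so that entries the client prepended are ignored. The trusted proxy range (10.0.0.0/8) and the sample addresses are assumptions constructed for the example.

```python
import ipaddress

# Assumed deployment: the application sits behind reverse proxies in
# 10.0.0.0/8; only those hosts are trusted to append X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def naive_client_ip(remote_addr, xff_header):
    """The pattern behind the advisory: the first X-Forwarded-For value
    is logged as-is, so whatever the client sends ends up in the log."""
    return xff_header.split(",")[0].strip() if xff_header else remote_addr


def _is_trusted_proxy(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip_for_log(remote_addr, xff_header):
    """Return (ip, source) to record in the application log.

    remote_addr: TCP peer address seen by the application server.
    xff_header:  raw X-Forwarded-For value, or None.
    """
    if not _is_trusted_proxy(remote_addr):
        # Direct connection (or an unknown proxy): the header is
        # entirely client-controlled, so it is not consulted at all.
        return remote_addr, "remote_addr"
    hops = [h.strip() for h in (xff_header or "").split(",") if h.strip()]
    # Walk from the hop nearest to us; skip our own proxies. The first
    # non-proxy entry is the client as seen by the last trusted proxy;
    # anything further left was supplied by the client and is ignored.
    for hop in reversed(hops):
        if _is_trusted_proxy(hop):
            continue
        try:
            return str(ipaddress.ip_address(hop)), "x-forwarded-for"
        except ValueError:
            # Malformed entry: never write it to the log as an address.
            return remote_addr, "remote_addr(invalid-xff)"
    # Only trusted proxies appeared in the chain; fall back to the peer.
    return remote_addr, "remote_addr"
```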

Weakness Enumeration: Authentication Bypass by Spoofing

Related Identifiers: CVE-2019-25023

Affected Products: Scytl Svote