CVE-2023-38885

Name of the Vulnerable Software and Affected Versions OpenSIS Classic Community Edition version 9.0

Description The issue lacks cross-site request forgery (CSRF) protection throughout the application, which may allow an attacker to trick an authenticated user into performing any kind of state-changing request.

Recommendations For OpenSIS Classic Community Edition version 9.0, consider implementing CSRF protection mechanisms to prevent state-changing requests from being tricked by an attacker. As a temporary workaround, restrict access to sensitive areas of the application that could be exploited through CSRF attacks until a proper fix is applied.