CVE-2024-54205

Name of the Vulnerable Software and Affected Versions: Paloma Widget versions 1.14 and earlier

Description: A Cross-Site Request Forgery (CSRF) issue affects the Paloma Widget, allowing unauthorized requests. This can lead to malicious actions being performed on behalf of the user.

Recommendations: For Paloma Widget versions 1.14 and earlier, consider implementing proper CSRF token validation to prevent unauthorized requests. As a temporary workaround, restrict access to sensitive functionality within the Paloma Widget until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.