CVE-2024-54307

Name of the Vulnerable Software and Affected Versions: AIcomments versions 1.4.1 and earlier

Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by tricking the user into performing an unintended action, such as sending a request to the /api/v1/login API endpoint with malicious parameters like username and password.

Recommendations: For AIcomments versions 1.4.1 and earlier, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.