PT-2025-47764 · Unknown · I Order Terms
Published 2025-11-21 · Updated 2025-11-21
CVE-2025-66097
CVSS v3.1: 4.3 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
I Order Terms versions n/a through 1.5.0
Description
A Cross-Site Request Forgery (CSRF) issue exists in I Order Terms. The application does not properly validate requests, which allows an attacker to perform unauthorized actions on behalf of an unsuspecting user.
Recommendations
Versions prior to and including 1.5.0 are affected. Implement CSRF protection mechanisms, such as synchronizer tokens, to validate requests and prevent unauthorized actions.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
I Order Terms