STVS ProVision Cross-Site Request Forgery Vulnerability Allowing Unauthorized Admin Access

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in STVS ProVision version 5.9.10. The application does not verify that state-changing HTTP requests originate from its own pages, so an attacker can cause a victim's browser to submit requests that are executed with the victim's administrative privileges. When a user who is logged in to ProVision visits a malicious website, that site can trigger a forged request that creates a new admin user.

Impact

Exploitation of this vulnerability allows for unauthorized administrative access, enabling the creation of new admin users.

Reproduction

To reproduce this vulnerability, a logged-in user must be tricked into visiting a malicious website that sends a forged HTTP request to the STVS ProVision application; the browser attaches the user's session to that request automatically. The forged request must include the parameters needed to create a new admin user, such as login, password, email, and role ID.
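The server-side check that would stop the forged request described above, as an added example and not code from STVS ProVision: the handler for the user-creation POST rejects requests whose Origin (or Referer) is not the application's own host and requests lacking a session-bound anti-CSRF token. The host, the csrf_token field name, the route names and both sample requests are constructed assumptions; the page only names the form fields login, password, email and role ID.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# All names below are assumptions for illustration; the page names only the
# form fields login, password, email and role ID, not ProVision's actual routes.
ALLOWED_ORIGIN = "https://provision.example.test"   # constructed deployment host
SERVER_SECRET = secrets.token_bytes(32)             # constructed per-process key
REQUIRED_FIELDS = ("login", "password", "email", "role_id")

def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session: an HMAC the attacker's page
    cannot read or compute (a real app would also add a nonce and expiry)."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def request_origin(headers: Dict[str, str]) -> Optional[str]:
    """Origin header if present, else scheme+host from Referer, else None."""
    if headers.get("Origin"):
        return headers["Origin"]
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        return f"{parts.scheme}://{parts.netloc}"
    return None

def check_admin_create(session_id: str, headers: Dict[str, str],
                       form: Dict[str, str]) -> Tuple[bool, str]:
    """Gate for the state-changing 'create admin user' POST. Returns
    (allowed, reason); a forged cross-site request fails both checks."""
    origin = request_origin(headers)
    if origin != ALLOWED_ORIGIN:           # browsers set Origin on cross-site POSTs
        return False, f"rejected: origin {origin!r} is not {ALLOWED_ORIGIN}"
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, issue_csrf_token(session_id)):
        return False, "rejected: missing or invalid csrf_token"
    missing = [f for f in REQUIRED_FIELDS if f not in form]
    if missing:
        return False, f"rejected: missing fields {missing}"
    return True, "allowed"

# Constructed requests: the victim's session cookie rides along with both.
SESSION = "victim-session-1234"
FORGED_HEADERS = {"Origin": "https://attacker.example", "Cookie": "sid=" + SESSION}
FORGED_FORM = {"login": "newadmin", "password": "x", "email": "a@b.c", "role_id": "1"}
LEGIT_HEADERS = {"Origin": ALLOWED_ORIGIN, "Cookie": "sid=" + SESSION}
LEGIT_FORM = dict(FORGED_FORM, csrf_token=issue_csrf_token(SESSION))
```

Calling `check_admin_create(SESSION, FORGED_HEADERS, FORGED_FORM)` returns a rejection on the origin check alone; the same form sent from the application's own origin is still rejected until it carries the session-bound token.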

Added: Dec 9, 2025, 9:53 PM
Updated: Dec 9, 2025, 9:53 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.7
remediation: 0.0
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.