Sherpa Orchestrator Cross-Site Request Forgery Vulnerability Allowing XSS, SQL Injection, and Access Control Issues

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in Sherpa Orchestrator version 141851. The web application does not adequately protect against CSRF attacks. An attacker could exploit this vulnerability to perform cross-site scripting (XSS) attacks, manipulate user roles or access controls, or take advantage of existing SQL injection vulnerabilities within the application.

Impact

Successful CSRF attacks against the application could allow XSS exploitation, unauthorized access control changes, or exploitation of SQL injection vulnerabilities.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.5
exploitability: 6.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.