CVE-2025-3979 | dazhouda lecms 3.0.3 Password Change index.php?my-password-ajax-1 cross-site request forgery

Inserito da Angelo Barbosa | Apr 27, 2025 | CVE

A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-password-ajax-1 of the component Password Change Handler. The manipulation leads to cross-site request forgery.

This vulnerability is uniquely identified as CVE-2025-3979. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2025-3979 | dazhouda lecms 3.0.3 Password Change index.php?my-password-ajax-1 cross-site request forgery

Post correlati

CVE-2023-52722 | Artifex Ghostscript up to 10.01.0 SAFER Mode psi/zmisc1.c Privilege Escalation

CVE-2024-3317 | SailPoint Identity Security Cloud Message Server API unknown vulnerability

CVE-2024-49576 | Foxit Reader 2024.3.0.26795 Checkbox CBF_Widget Object use after free (TALOS-2024-2093)

CVE-2024-12990 | ruifang-tech Rebuild 3.8.6 Admin Verification Page /user/admin-verify nexturl redirect