CVE-2025-9747 | Koillection up to 1.6.18 csrf_protection_controller.js cross-site request forgery (Issue 1393)

Inserito da Angelo Barbosa | Ago 30, 2025 | CVE

A vulnerability was found in Koillection up to 1.6.18 and classified as problematic. Affected is an unknown function of the file assets/controllers/csrf_protection_controller.js. Such manipulation leads to cross-site request forgery.

This vulnerability is documented as CVE-2025-9747. The attack can be executed remotely. Additionally, an exploit exists.

It is suggested to upgrade the affected component.

The vendor explains: “I ended up switching to a newer CSRF handling using stateless token.”

CVE-2025-9747 | Koillection up to 1.6.18 csrf_protection_controller.js cross-site request forgery (Issue 1393)

Post correlati

CVE-2021-46921 | Linux Kernel up to 4.19.188/5.4.114/5.10.32/5.11/5.11.16 qrwlock queued_write_lock_slowpath comparison

CVE-2024-13596 | pantherius Survey & Poll Plugin up to 1.7.5 on WordPress Shortcode survey id sql injection

CVE-2023-52115 | Huawei HarmonyOS 4.0.0 iAware Module use after free

CVE-2024-41810 | Twisted up to 24.3.0 Twisted.web.util.redirectTo cross site scripting (GHSA-cf56-g6w6-pqq2)