CVE-2024-11071 HIGH

CVE-2024-11071: Improper Access Control In DestinyECM

Vendor Cyberdigm
Product DestinyECM
Weakness CWE-352 · CSRF
Published April 7, 2025
Last update April 15, 2025
View on NVD All CVEs

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solution(versions described below) which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery (CSRF) attack, which probabilistically enables JSON Hijacking (aka JavaScript Hijacking) via forgery web page.* Due to product customization, version information may differ from the following version description. For further inquiries, please contact the vendor.

Key dates

02Disclosure timeline

April 7, 2025 CVE published
April 15, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-5036 Cross-Site Request Forgery (CSRF) in usememos/memos CVE-2025-23430 WordPress Mass Custom Fields Manager plugin <= 1.5 - CSRF to Cross Site Scripting (XSS) vulnerability CVE-2024-10040 Infinite-Scroll <= 2.6.2 - Cross-Site Request Forgery to Plugin Settings Update CVE-2025-31845 WordPress Theme Duplicator Plugin <= 1.1 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-31386 Multiple WordPress themes affected by Cross-Site Request Forgery vulnerability