CVE-2024-28141

CVE-2024-28141: Cross-Site Request-Forgery

Vendor Image Access Gmbh
Product Scan2Net
Weakness CWE-352 · CSRF
Published December 11, 2024
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visit an attacker-controlled website or click on a malicious link. E.g. an attacker can forge malicious links to reset the admin password or create new users.

Key dates

02Disclosure timeline

December 11, 2024 CVE published
November 3, 2025 Record updated