CVE-2024-7141 MEDIUM

CVE-2024-7141: CSRF in Gliffy

Vendor Gliffy
Product Gliffy Online
Weakness CWE-352 · CSRF
Published February 20, 2025
Last update February 20, 2025
View on NVD All CVEs

CVSS base score

5.9/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Versions of Gliffy Online prior to versions 4.14.0-7 contains a Cross Site Request Forgery (CSRF) flaw.

Key dates

02Disclosure timeline

February 20, 2025 CVE published
February 20, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2020-36839 WP Lead Plus X <= 0.99 - Cross-Site Request Forgery CVE-2025-5937 MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet <= 3.2.0 - Cross-Site Request Forgery to Settings Reset CVE-2025-28954 WordPress Backwp plugin <= 2.0.2 - CSRF to Arbitrary File Deletion vulnerability CVE-2025-39425 WordPress Style Manager plugin <= 2.2.7 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability CVE-2021-47702 OpenBMCS Cross Site Request Forgery (CSRF) via sendFeedback.php