What the vulnerability does
01 Description
Cross-Site Request Forgery (CSRF) vulnerability in Dimitri Grassi Salon booking system salon-booking-system allows Cross Site Request Forgery. This issue affects Salon booking system: from n/a through <= 10.16.
Explanation of Vulnerability in Simple Terms
02 Summary
The Salon booking system contains a cross-site request forgery (CSRF) vulnerability affecting versions up to 10.16. An attacker can craft a malicious webpage that, when visited by a logged-in site administrator, performs unwanted actions such as modifying bookings or settings without the admin's knowledge. The vulnerability requires user interaction but does not require authentication from the attacker.
What an attacker can do
03 Attacker Capabilities
Trick a logged-in admin into performing unwanted actions like modifying bookings or system settings via a malicious webpage.
Potential impact on your site
04 Site Impact
Admins could unknowingly modify bookings, settings, or other critical data if tricked into visiting a malicious link.
Conditions required to exploit
05 Prerequisites
Admin must visit attacker-controlled webpage while logged into the booking system.
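The class of bug described above is a state-changing admin action that accepts any request carrying the administrator's session cookie. The usual WordPress defence is a per-action, per-user nonce verified on the server, combined with a capability check. The PHP below is an added illustration of that pattern and is not code from the Salon booking system plugin; the handler names, the `admin_post_example_update_settings` hook name, the `example_settings_nonce` field and the `example_booking_slot_length` option key are all hypothetical, chosen only to show the vulnerable shape next to the hardened one.

```php
<?php
// Added illustration of CSRF protection for a WordPress admin action.
// Not the plugin's own code: all handler, hook, field and option names
// below are hypothetical examples.

// Vulnerable pattern: the handler trusts any POST that arrives with the
// admin's cookies. A form auto-submitted from an unrelated page the admin
// is viewing would be accepted, because nothing ties the request to a
// form this site actually rendered for this user.
function example_update_settings_vulnerable() {
    update_option( 'example_booking_slot_length', intval( $_POST['slot_length'] ) );
    wp_safe_redirect( admin_url( 'admin.php?page=example-settings' ) );
    exit;
}

// Hardened pattern: require the capability AND a valid nonce bound to this
// action and the current user. check_admin_referer() calls wp_die() on a
// missing or stale nonce, so a cross-site request never reaches the write.
function example_update_settings_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // Verifies $_POST['example_settings_nonce'] against the
    // 'example_update_settings' action for the logged-in user.
    check_admin_referer( 'example_update_settings', 'example_settings_nonce' );

    $slot_length = isset( $_POST['slot_length'] ) ? absint( wp_unslash( $_POST['slot_length'] ) ) : 0;
    if ( $slot_length < 5 || $slot_length > 240 ) {
        wp_die( 'Invalid slot length.', '', array( 'response' => 400 ) );
    }
    update_option( 'example_booking_slot_length', $slot_length );
    wp_safe_redirect( admin_url( 'admin.php?page=example-settings' ) );
    exit;
}
add_action( 'admin_post_example_update_settings', 'example_update_settings_hardened' );

// The settings form must emit the matching nonce field; wp_nonce_field()
// also adds the _wp_http_referer field that check_admin_referer() uses.
function example_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_update_settings">
        <?php wp_nonce_field( 'example_update_settings', 'example_settings_nonce' ); ?>
        <label>Slot length (minutes)
            <input type="number" name="slot_length"
                   value="<?php echo esc_attr( get_option( 'example_booking_slot_length', 30 ) ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// For wp_ajax_* endpoints the equivalent server-side check is
// check_ajax_referer( 'example_update_settings', 'nonce' ), with the nonce
// generated by wp_create_nonce( 'example_update_settings' ) and sent in the
// request body; the capability check is still required alongside it.
```

Two points worth keeping in mind when reviewing a plugin for this class of issue: the nonce is an anti-CSRF token, not an authorisation check, so `current_user_can()` must remain; and the nonce must be verified in the handler, not merely rendered in the form, since an unchecked hidden field offers no protection at all.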
Key dates
06 Disclosure timeline
May 19, 2025: CVE published
April 28, 2026: Record updated