CVE-2025-28355

medium

Description

Volmarg Personal Management System 1.4.65 is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to execute arbitrary code and obtain sensitive information, because the default value of the SameSite cookie attribute is set to None.

References

https://github.com/abbisQQ/CVE-2025-28355/tree/main

https://github.com/Volmarg/personal-management-system/issues/149

https://github.com/Volmarg/personal-management-system

Details

Source: Mitre, NVD

Published: 2025-04-18

Updated: 2025-04-21

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00032