CVE Details
Basic Information
| Title | Tmall Demo logout cross-site request forgery |
|---|---|
| Type | cve |
| Published | 2025-05-24T21:00:10.998Z |
| Last Seen |
Product Information
| Vendor | Tmall |
|---|---|
| Product | Demo |
| Version | 20250505 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A cross-site request forgery (CSRF) vulnerability exists in Tmall Demo’s logout functionality, allowing attackers to trick users into performing unintended actions. The vulnerability has a CVSS score of 5.3 and affects an unknown version of the product. |
|---|---|
| AI Severity | Medium |
| Vendor | Tmall |
| Product | Demo |
| Affected Version | 20250505 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-352, CWE-862 |
| Bulletin Family | |
| Source Data | Tmall Demo 20250505 |
Source Information
| Source Data | Tmall Demo 20250505 |
|---|---|
| Source Link |
Description
A vulnerability was found in Tmall Demo up to 20250505. It has been rated as problematic. This issue affects some unknown processing of the file tmall/admin/account/logout. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score Summary
Base Score: 5.3 (MEDIUM)