CVE-2021-47723

HIGH

STVS ProVision 5.9.10 - CSRF

Title source: llm

Description

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · htmlwebappsruby

https://www.exploit-db.com/exploits/49482

View Code ZIP pw:eip

References (4)

Core 4

Core References

Technical Description exploit

https://www.exploit-db.com/exploits/49482

Product product

http://www.stvs.ch

Third Party Advisory third-party-advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5625.php

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/stvs-provision-cross-site-request-forgery-add-admin

Scores

CVSS v3 8.8

EPSS 0.0003

EPSS Percentile 9.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (10)

stvs/provision 5.5

stvs/provision 5.6

stvs/provision 5.7

stvs/provision 5.8.6

stvs/provision 5.9.0

stvs/provision 5.9.1

stvs/provision 5.9.7

stvs/provision 5.9.9

stvs/provision 5.9.10

STVS SA/STVS ProVision 5.9.10 (build 2885-3a8219a)

Published Dec 09, 2025

Tracked Since Feb 18, 2026