CVE-2022-0916
HIGHLogitech Options < 9.60.87 - Cross-Site Request Forgery via OAuth State Parameter
Title source: llmDescription
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.logi.com/hc/en-us/articles/360025297893
Scores
CVSS v3
8.4
EPSS
0.0041
EPSS Percentile
32.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-287
CWE-352
Status
published
Products (1)
logitech/options
< 9.60.87
Published
May 03, 2022
Tracked Since
Feb 18, 2026