CVE-2023-38873

MEDIUM

gugoan Economizzer <0.9-beta1 - CSRF

Title source: llm

Description

The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.

Exploits (1)

nomisec WRITEUP
by K9-Modz · poc
https://github.com/K9-Modz/CVE-2023-38873-G1

References (3)

Scores

CVSS v3 6.5
EPSS 0.0021
EPSS Percentile 42.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-1021
Status published
Products (3)
economizzer/economizzer 0.9 beta1
economizzer/economizzer april_2023
gugoan/economizzer 0Packagist
Published Sep 28, 2023
Tracked Since Feb 18, 2026