CVE-2023-43295
Description
Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-Site Request Forgery in Passwordstate Build 9785 and earlier allows a local attacker to execute arbitrary code via a crafted request.
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in Click Studios (SA) Pty Ltd Passwordstate in Build 9785 and earlier versions. The vulnerability allows an attacker to forge requests that, when executed by an authenticated user, can lead to arbitrary code execution. [1]
Exploitation
A local attacker can craft a malicious request and trick an authenticated user into executing it. The attacker does not need authentication but relies on the victim's session. [1]
Impact
Successful exploitation allows the attacker to execute arbitrary code with the privileges of the victim user, potentially leading to complete compromise of the affected Passwordstate instance. [1]
Mitigation
As of the available reference, no patch or mitigation details have been disclosed for this vulnerability. Users are advised to monitor the vendor's security advisories page for updates. [1]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Click Studios (SA) Pty Ltd/Passwordstatedescription
- Range: <= Build 9785
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.