216.73.217.176

CVE-2021-47754

· Published 15/01/2026 16:16 · Modified 16/01/2026 15:55

Labels: CVE-2021-47754 2026-01-15CVE-2021-47754CWE-352[email protected]

Essential information

Published
15/01/2026 16:16
Modified
16/01/2026 15:55
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users into submitting the form.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
arunna / arunna cpe:2.3:a:arunna:arunna:1.0.0:*:*:*:*:*:*:*

References