← Back

CVE-2021-47723

nvd nist
Published: Dec 9, 2025Modified: Feb 17, 2026

JSON object

Loading...
6.9
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: disclosure@vulncheck.com (Secondary)

Description

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users.

Affected (9)

Products: Stvs: Provision
Stvs
1 product
Provision
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Stvs
Provision
Version 5.5
Provision
Version 5.6
Provision
Version 5.7
Provision
Version 5.8.6
Provision
Version 5.9.0
Provision
Version 5.9.10
Provision
Version 5.9.1
Provision
Version 5.9.7
Provision
Version 5.9.9

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

Source: disclosure@vulncheck.com
Product
Source: disclosure@vulncheck.com
Technical Description
Source: disclosure@vulncheck.com
Third Party Advisory
Source: disclosure@vulncheck.com
Third Party Advisory

Timeline

No history available yet.