CVE-2025-46547 – Sherpa Orchestrator Cross-Site Request Forgery (XSS, SQL Injection) Vulnerability

April 24, 2025

CVE ID : CVE-2025-46547

Published : April 25, 2025, 3:15 a.m. | 36 minutes ago

Description : In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46546 – Sherpa Orchestrator Blind SQL Injection Vulnerability

Next Article CVE-2025-46545 – Sherpa Orchestrator Stored Cross-Site Scripting (XSS) Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

Copilot Vision just launched — and Microsoft already added new features

Master Data Management: The Key to Improved Analytics Reporting

Master Data Management: The Key to Improved Analytics Reporting

Salesforce Lead-to-Revenue Management

React Native 0.80 – React 19.1, JS API Changes, Freezing Legacy Arch and much more

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

Surface Pro 11 with Snapdragon X Elite drops to lowest price ever

With WH40K Boltgun and Dungeons of Hinterberg, this month’s Humble Choice lineup is stacked for less than $12

I’ve been loving the upgrade to my favorite mobile controller, and there’s even a version for large tablets

CVE-2025-46547 – Sherpa Orchestrator Cross-Site Request Forgery (XSS, SQL Injection) Vulnerability

Apache Tomcat Under Attack: Massive Brute-Force Campaign Targets Manager Interfaces

Warning: Discontinued Amazon Cloud Cam Has Vulnerability (CVE-2025-6031), Exposing Your Network

I love Elden Ring Nightreign’s weirdest boss — he bargains with you, heals you, and throws tantrums if you ruin his meditation

NVIDIA’s drivers are causing big problems for DOOM: The Dark Ages, but some fixes are available

HERE Technologies boosts developer productivity with new generative AI-powered coding assistant

Windows “inetpub” security fix can be abused to block future updates

10 Best Free and Open Source Linux Document Processors

CVE-2025-49150 – Cursor JSON File Remote Request Vulnerability

Will Windows 10 leave enterprises vulnerable to zero-days?

“It’s not even funny anymore.” Helldivers 2 players are putting the underwhelming new Warbond on blast, and I’m with them

CVE-2025-46547 – Sherpa Orchestrator Cross-Site Request Forgery (XSS, SQL Injection) Vulnerability

Related Posts