CVE-2025-60535
Published
CVSS v3
7.3
HIGH
CVSS v2
N/A
Affected
2
PROJECTS
Description
A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET request.
Wallos: Open-source, self-hostable personal subscription tracker. Visualize your recurring expenses, manage your budget, and save money.
GitHubGitHub