CVE-2021-47723

UNKNOWN 0.0

STVS ProVision Cross-Site Request Forgery (Add Admin)

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users.

CWE	CWE-352
Vendor	stvs sa
Product	stvs provision
Published	Dec 9, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for stvs sa stvs provision

Be the first to know when new unknown vulnerabilities affecting stvs sa stvs provision are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

STVS SA / STVS ProVision

5.9.10 (build 2885-3a8219a)

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/49482 stvs.ch: http://www.stvs.ch zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5625.php vulncheck.com: https://www.vulncheck.com/advisories/stvs-provision-cross-site-request-forgery-add-admin

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab