CVE-2025-52797 — Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap allows S... | CVE Daily

High CVSS 8.2

Overview

Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap allows SQL Injection. This issue affects StoryMap: from n/a through 2.1.

CWE: CWE-352 Published: 2025-08-14T19:15:34.250

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.2 (HIGH)
Detected tags: csrf, sql (tag impact: MODERATE)

Recommended actions:

CSRF tokens, SameSite=Strict for cookies, validate Origin/Referer.
Use parameterized queries/ORM (avoid string concatenation).
Add WAF rules and input validation.

Recommended tools

Tags