CVE-2025-49044 — Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll allows ... | CVE Daily

High CVSS 7.1

Overview

Cross-Site Request Forgery (CSRF) vulnerability in tosend.it Simple Poll allows Stored XSS. This issue affects Simple Poll: from n/a through 1.1.1.

CWE: CWE-352 Published: 2025-08-14T11:15:36.537

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.1 (HIGH)
Detected tags: csrf, stored_xss, xss (tag impact: MODERATE)

Recommended actions:

CSRF tokens, SameSite=Strict for cookies, validate Origin/Referer.
Sanitize stored input and enforce CSP.
Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags