Harsh iSpring Embedder CSRF

CRITICAL (10.0) No Patch (332 days)

Threat Intelligence

⚠️ CRITICAL GAP - Exploits exist but no detection available
EPSS Score: 3.35% chance of exploitation (percentile: 87%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: GitHub PoC


What is it?

Harsh iSpring Embedder is a software tool used to embed interactive content into web pages. This cross-site request forgery (CSRF) vulnerability allows attackers to upload malicious files to a web server by tricking users into clicking on a malicious link or submitting a malicious form.

Am I affected?

Affected versions: 1.0

If you don't recognise this software, you're probably not affected.

Affected Products

Harsh Technologies / iSpring Embedder

How to fix

Upgrade to Harsh iSpring Embedder version 1.1 or later from the official website.

Immediate mitigations:
- Disable the embedder by commenting out the relevant configuration file lines.
- Review and audit all embedded content for suspicious activity.
