CVE-2026-27609: CWE-352: Cross-Site Request Forgery (CSRF) in parse-community parse-dashboard
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) lacks CSRF protection. An attacker can craft a malicious page that, when visited by an authenticated dashboard user, submits requests to the agent endpoint using the victim's session. The fix in version 9.0.0-alpha.8 adds CSRF middleware to the agent endpoint and embeds a CSRF token in the dashboard page. As a workaround, remove the `agent` configuration block from your dashboard configuration. Dashboards without an `agent` config are not affected.
AI Analysis (machine-generated threat intelligence)
Technical Summary
Parse Dashboard is a management interface for Parse Server applications. Versions 7.3.0-alpha.42 through 9.0.0-alpha.7 contain a CSRF vulnerability in the AI Agent API endpoint (`POST /apps/:appId/agent`). The endpoint implements no CSRF protection, such as an anti-CSRF token or same-site cookie enforcement, so an attacker can cause state-changing requests to be made on behalf of an authenticated user. An attacker who hosts a malicious webpage can have it silently issue POST requests to the vulnerable endpoint when a logged-in dashboard user visits the page; the browser attaches the victim's session cookies automatically. The result is unauthorized commands executed within the dashboard context, potentially manipulating AI agent behavior or other sensitive operations. The vulnerability was fixed in version 9.0.0-alpha.8 by adding CSRF middleware to the endpoint and embedding a CSRF token in the dashboard UI. As a temporary mitigation, removing the `agent` configuration block disables the vulnerable endpoint entirely. The vulnerability is tracked as CWE-352 and has a CVSS 4.0 score of 8.3, rated high severity because the attack vector is the network, no privileges or authentication are required of the attacker, and the impact on integrity and availability is high. No known exploits are currently reported in the wild.
Potential Impact
Organizations using vulnerable versions of parse-dashboard with the `agent` configuration enabled are at risk of unauthorized actions being performed within their Parse Server management interface. Successful exploitation can compromise the integrity of AI agent operations, potentially leading to manipulation or disruption of backend processes managed via the dashboard. This could result in data corruption, service disruption, or unauthorized command execution. Since the attack leverages authenticated user sessions, any user with dashboard access can be targeted, increasing risk in environments with multiple administrators or developers. The vulnerability does not directly expose confidential data but threatens system integrity and availability. Exploitation requires user interaction (visiting a malicious page), but no additional authentication or privileges are needed by the attacker, making phishing or social engineering viable attack vectors. The impact is particularly critical for organizations relying heavily on AI agent functionality within Parse Server, as disruption or manipulation could affect application behavior and reliability.
Mitigation Recommendations
Upgrade parse-dashboard to version 9.0.0-alpha.8 or later, which adds CSRF protection to the AI Agent API endpoint. If an immediate upgrade is not feasible, remove the `agent` configuration block from the dashboard configuration; this disables the vulnerable endpoint entirely. A Content Security Policy (CSP) on the dashboard, a browser-enforced rather than network-level control, limits the script sources the dashboard page itself may load; it does not stop a cross-site page from submitting a form to the endpoint, so treat it as defense in depth rather than a CSRF fix. Advise dashboard users to avoid visiting untrusted websites while authenticated to the dashboard. Monitor dashboard access logs for unusual POST requests to the `/apps/:appId/agent` endpoint, including requests whose Origin or Referer header does not match the dashboard's own origin. Consider multi-factor authentication (MFA) for dashboard access to reduce the risk of session hijacking. Finally, review and limit dashboard user privileges to minimize the damage a compromised session can do.
Affected Countries
United States, Germany, United Kingdom, India, Canada, Australia, France, Netherlands, Brazil, Japan
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-20T19:43:14.602Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 699e6864b7ef31ef0bae9d09
Added to database: 2/25/2026, 3:11:32 AM
Last enriched: 3/4/2026, 6:54:48 PM
Last updated: 4/11/2026, 6:00:44 PM
Views: 56