Lucene search
K

CVE-2014-9101

🗓️ 26 Nov 2014 15:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 52 Views🌐 WEB

Multiple CSRF vulnerabilities in Oxwall 1.7.0 and SkaDate Lite 2.0 allow remote attackers to hijack authentication of administrators for XSS attacks

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
Cvelist
CVE-2014-9101
26 Nov 201415:00
cvelist
EUVD
EUVD-2014-8927
7 Oct 202500:30
euvd
NVD
CVE-2014-9101
26 Nov 201415:59
nvd
Prion
Cross site request forgery (csrf)
26 Nov 201415:59
prion
RedhatCVE
CVE-2014-9101
22 May 202513:44
redhatcve
Zero Science Lab
Oxwall 1.7.0 Multiple CSRF And HTML Injection Vulnerabilities
28 Jul 201400:00
zeroscience
Zero Science Lab
SkaDate Lite 2.0 Multiple XSRF And Persistent XSS Vulnerabilities
30 Jul 201400:00
zeroscience
NVD
Node
Node
oxwalloxwallMatch1.7.0
ParameterPositionPathDescriptionCWE
labelrequest bodyadmin/users/roles/CSRF allows crafting requests that inject script via the label parameterCWE-352
lang[1][base][questions_account_type_5615100a931845eca8da20cfdf7327e0]request bodyadmin/questions/ajax-responder/CSRF enables stored XSS through the lang[...] parameter in AddAccountType actionCWE-352
commandrequest bodyadmin/questions/ajax-responder/CSRF enables stored XSS through the lang[...] parameter in AddAccountType actionCWE-352
keyrequest bodyadmin/questions/ajax-responder/CSRF enables stored XSS through the lang[...] parameter in AddAccountType actionCWE-352
prefixrequest bodyadmin/questions/ajax-responder/CSRF enables stored XSS through the lang[...] parameter in AddAccountType actionCWE-352
accountTypeNamerequest bodyadmin/questions/ajax-responder/CSRF enables stored XSS through the lang[...] parameter in AddAccountType actionCWE-352
lang[1][base][questions_account_type_5615100a931845eca8da20cfdf7327e0]request bodyadmin/questions/ajax-responder/CSRF enables stored XSS through the lang[...] parameter in AddAccountType actionCWE-352
qst_namerequest bodyadmin/questions/ajax-responder/CSRF enables stored XSS via the qst_name parameter in addQuestion actionCWE-352
qst_descriptionrequest bodyadmin/questions/ajax-responder/CSRF enables stored XSS via the qst_name parameter in addQuestion actionCWE-352
qst_account_type[0]request bodyadmin/questions/ajax-responder/CSRF enables stored XSS via the qst_name parameter in addQuestion actionCWE-352
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation