4 matches found
GHSA-WRVC-X3WF-J5F5 1Panel contains a cross-site request forgery (CSRF) vulnerability in the web port configuration functionality
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...
CVE-2025-34429 1Panel CSRF Web Port Configuration Change
1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery CSRF vulnerability in the web port configuration functionality. The port-change endpoint lacks CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a...
CVE-2025-34430 1Panel CSRF Panel Name Modification
1Panel versions 1.10.33 through 2.0.15 contain a cross-site request forgery CSRF vulnerability in the panel name management functionality. The affected endpoint does not implement CSRF defenses such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that...
PT-2025-50369
Name of the Vulnerable Software and Affected Versions 1Panel versions 1.10.33 through 2.0.15 Description 1Panel is affected by a cross-site request forgery CSRF issue in the panel name management functionality. The affected functionality lacks CSRF protections, such as anti-CSRF tokens or...