10 matches found

Snyk · added 2026/04/20 10:15 p.m. · 4 views

Missing Origin Validation in WebSockets

Overview: Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via missing origin validation in all WebSocket endpoints. An attacker can gain unauthorized access to authenticated WebSocket sessions by tricking a logged-in administrator into visiting a malicio...

CVSS 8.1 · AI score 5.4 · EPSS 0.00176
Exploits 1 · References 2

RedhatCVE · added 2026/01/09 10:56 a.m. · 11 views

CVE-2022-38801

In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...

CVSS 5.4 · AI score 6.8 · EPSS 0.00337
Exploits 0 · References 1

VulnCheck KEV · added 2024/05/16 12:00 a.m. · 3 views

VulnCheck KEV: CVE-2014-100005

D-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session...

CVSS 8.8 · AI score 7.2 · EPSS 0.42414
Exploits 2 · References 1

Positive Technologies · added 2022/11/30 12:00 a.m. · 5 views

PT-2022-24574 · Zkteco · Zkteco Biotime

Name of the Vulnerable Software and Affected Versions: Zkteco BioTime versions prior to 8.5.3 Build:20200816.447. Description: The issue allows an employee to hijack an administrator session and cookies using blind cross-site scripting. Recommendations: For versions prior to 8.5.3...

CVSS 5.4 · AI score 5.2 · EPSS 0.00337
Exploits 0 · References 5

OSV · added 2021/11/01 8:15 p.m. · 2 views

CVE-2021-31848

Cross-site scripting (XSS) vulnerability in the McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to hijack an active DLP ePO administrator session by convincing the logged-in administrator to click on a carefully crafted link in the case management part of the...

CVSS 6.1 · AI score 5.7
Exploits 0 · References 1

CNNVD · added 2021/08/05 12:00 a.m. · 4 views

Tecnick.com TCExam Cross-Site Scripting Vulnerability

Tecnick.com TCExam is a web-based, open-source e-exam system from Tecnick.com, UK, used primarily for online exams. A security vulnerability exists in Tecnick.com TCExam that stems from reflected cross-site scripting in TCExam prior to version...

CVSS 6.1 · AI score 6 · EPSS 0.00937
Exploits 1 · References 1

OSV · added 2021/07/14 2:15 a.m. · 3 views

CVE-2021-20781

Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors...

CVSS 8.8 · AI score 5.8 · EPSS 0.00849
Exploits 0 · References 3

CNNVD · added 2020/11/17 12:00 a.m. · 6 views

Kyocera ECOSYS M2640IDW Cross-Site Scripting Vulnerability

The Kyocera ECOSYS M2640IDW is a multifunction printer from Kyocera, Japan. A cross-site scripting vulnerability exists in the Kyocera ECOSYS M2640IDW printer when adding a contact to the Machine Address Book. Successful exploitation of this vulnerability could result in the hijacki...

CVSS 6.1 · AI score 6.3 · EPSS 0.01462
Exploits 1 · References 2

BDU FSTEC · added 2018/02/09 12:00 a.m. · 6 views

The vulnerability of Kaspersky Secure Mail Gateway’s email protection mechanism, which stems from the absence of a CSRF token in web forms, allows for the hijacking of the administrator’s session.

The vulnerability in Kaspersky Secure Mail Gateway's email protection mechanism lies in the absence of a CSRF token in web forms. Exploiting this vulnerability allows an attacker to forge cross-site requests and hijack the administrator's session...

CVSS 7.1 · AI score 5.5 · EPSS 0.00653
Exploits 1 · References 3 · Affected Software 1

securityvulns · added 2011/07/18 12:00 a.m. · 63 views

[oCERT-2011-001] Chyrp input sanitization errors

2011-001 Chyrp input sanitization errors. Description: The Chyrp framework, an open-source blogging engine, suffers from cross-site scripting (XSS) and local file inclusion (LFI) vulnerabilities. Insufficient input sanitization on the parameters passed to pages related to administration settings, the...

AI score 0.5
Exploits 0