Missing Origin Validation in WebSockets
Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via missing origin validation in all WebSocket endpoints. An attacker can gain unauthorized access to authenticated WebSocket sessions by tricking a logged-in administrator into visiting a malicio...
CVE-2022-38801
In Zkteco BioTime 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting...
VulnCheck KEV: CVE-2014-100005
D-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session...
PT-2022-24574 · Zkteco · Zkteco Biotime
Name of the Vulnerable Software and Affected Versions: Zkteco BioTime versions prior to 8.5.3 Build:20200816.447 Description: The issue allows an employee to hijack an administrator session and cookies using blind cross-site scripting. Recommendations: For versions prior to 8.5.3...
CVE-2021-31848
Cross-site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to hijack an active DLP ePO administrator session by convincing the logged-in administrator to click on a carefully crafted link in the case management part of the...
Tecnick.com TCExam Cross-Site Scripting Vulnerability
Tecnick.com TCExam is a web-based open source e-exam system from Tecnick.com, UK, used primarily for online examinations. A security vulnerability exists in Tecnick.com TCExam, which stems from a reflected cross-site scripting vulnerability in TCExam prior to version...
CVE-2021-20781
Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors...
Kyocera ECOSYS M2640IDW Cross-Site Scripting Vulnerability
The Kyocera ECOSYS M2640IDW is a multifunction printer from Kyocera, Japan. A cross-site scripting vulnerability exists in Kyocera printer ECOSYS M2640IDW, which was discovered when adding a contact to Machine Address Book. Successful exploitation of this vulnerability could result in the hijacki...
Kaspersky Secure Mail Gateway: absence of a CSRF token in web forms allows hijacking of the administrator's session
The vulnerability in Kaspersky Secure Mail Gateway's email protection mechanism stems from the absence of a CSRF token in web forms. Exploiting it allows an attacker to forge cross-site requests and hijack the administrator's session...
[oCERT-2011-001] Chyrp input sanitization errors
Description: The Chyrp framework, an open source blogging engine, suffers from cross-site scripting (XSS) and local file inclusion (LFI) vulnerabilities. Insufficient input sanitization on the parameters passed to pages related to administration settings, the...