1834 matches found
CVE-2023-4318 Herd Effects < 5.2.4 - Effect Deletion via CSRF
The Herd Effects WordPress plugin before 5.2.4 does not have a CSRF check when deleting its items, which could allow attackers to make logged-in admins delete arbitrary effects via a CSRF attack...
Cross-site request forgery (CSRF)
A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
Oracle Linux 8 : mailman:2.1 (ELSA-2021-4826)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-4826 advisory. - Fix for CVE-2021-42096 - Fix for CVE-2021-42097 Tenable has extracted the preceding description block directly from the Oracle Linux security advisor...
Liberapay: Password Reset Token Leak Via Referrer
Vulnerability description not provided...
CVE-2023-3356 Subscribers Text Counter < 1.7.1 - Settings Update via CSRF to Stored XSS
The Subscribers Text Counter WordPress plugin before 1.7.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, which can also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
PT-2023-24385 · WordPress · Subscribers Text Counter
Name of the Vulnerable Software and Affected Versions: Subscribers Text Counter WordPress plugin versions prior to 1.7.1 Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. This...
PT-2023-6879 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: NagiosXI, affected versions not specified Description: The issue is related to the lack of protection for the web page structure in NagiosXI, which can be exploited by a remote attacker to perform a CSRF (Cross-Site Request Forgery) attack...
Cross-site request forgery (CSRF)
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality,...
PT-2023-4809 · Unknown · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.9 XWiki Platform versions prior to 15.4RC1 Description: The create action in XWiki Platform is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with...
Herd Effects < 5.2.4 - Effect Deletion via CSRF
Description: The plugin does not have a CSRF check when deleting its items, which could allow attackers to make logged-in admins delete arbitrary effects via a CSRF attack. PoC: Make a logged-in admin open https://example.com/wp-admin/admin.php?page=mwp-herd-effect=delete=1, this will make them delete the...
Lock User Account < 1.0.4 - Arbitrary Account Lock/Unlock via CSRF
Description: The plugin does not have a CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged-in admins lock and unlock arbitrary users via a CSRF attack. PoC: Make a logged-in admin open one of the links below, this will make them lock/unlock the user with ID...
CVE-2023-40172
Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript and HTML. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do...
CVE-2023-40172
The CVE-2023-40172 entry concerns the Social media skeleton project (PHP/CSS/JavaScript/HTML). The vulnerability is a CSRF weakness present in versions prior to 1.0.5, where insufficient CSRF protections existed; upstream fixes address this in version 1.0.5 and upgrading is advised. Documented im...
CVE-2023-40172 Cross-Site Request Forgery (CSRF) in fobybus/social-media-skeleton
Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript and HTML. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do...
CSRF Logout
Description: A bad actor can send the victim a link (e.g. an obfuscated one) carrying the payload /logout, and if the victim uses it, it can change the user's logged in/logged out state. Proof of Concept: As a logged-in user, open this site in a new browser tab: https://app.vrite.io/session/logout. Go back to the previous tab, refres...
CVE-2023-20221
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected...
Cross-site request forgery (CSRF)
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected...
CVE-2023-20221
Cisco IP Phone 6800/7800/8800 Series with Multiplatform Firmware are affected by CVE-2023-20221, a CSRF flaw in the web-based management interface. The issue arises from insufficient CSRF protections, enabling an unauthenticated, remote attacker to lure an authenticated user to follow a crafted l...
Cross-site request forgery (CSRF)
The Tiempo.com WordPress plugin through 0.1.2 does not have a CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...