WordPress plugin GiveWP Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
Shenzhen Skyworth RN510 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
Overview ======== Title:- Authenticated XSRF in RN510 Mesh Extender. CVE-ID :- CVE-2021-25327 Author: Kaustubh G. Padwad Vendor: Shenzhen Skyworth Digital Technology Company Ltd. http://www.skyworthdigital.com/products Products: 1. RN510 with firmware V.3.1.0.4 Tested and verified Potential 2. RN62...
Eclipse Vertx-web Cross-Site Request Forgery Vulnerability
Eclipse Vertx-web is an Eclipse Foundation framework for building Web applications. A cross-site request forgery vulnerability exists in the Vert.x-Web framework v4.0 milestone 1-4, where the source program fails to perform proper CSRF validation. Instead of comparing the CSRF token in the reque...
CVE-2020-15156 XSS due to lack of CSRF validation for replying/publishing
In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation...
CVE-2020-15156
CVE-2020-15156 affects nodebb-plugin-blog-comments prior to version 0.7.0. The root cause is lack of CSRF validation, enabling an authenticated user to be exploited for cross-site scripting that could cause a third party to post on their behalf on the forum. The issue is documented across multipl...
GHSA-RHVC-X32H-5526 No CSRF Validation in droppy
Affected versions of droppy are vulnerable to cross-site socket forgery. The package does not perform verification for cross-domain websocket requests, and as a result, an attacker can create a web page that opens up a websocket connection on behalf of the user visiting the page. The attacker can...
CVE-2018-16314
The CVE-2018-16314 issue affects idreamsoft iCMS 7.0.11, specifically the admincp.php CSRF verification. If CSRF_TOKEN is absent, the system validates only the Referer header, which can be bypassed via a substring in admincp.php within that header. This describes a CSRF protection bypass vulnerab...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes security and bug fix update
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
CVE-2018-9186
A cross-site scripting (XSS) vulnerability in the Fortinet FortiAuthenticator "CSRF validation failure" page, in versions 4.0.0 to before 5.3.0, allows an attacker to execute unauthorized script code by injecting malicious scripts into the HTTP Referer header...
Cross site scripting
A cross-site scripting (XSS) vulnerability in the Fortinet FortiAuthenticator "CSRF validation failure" page, in versions 4.0.0 to before 5.3.0, allows an attacker to execute unauthorized script code by injecting malicious scripts into the HTTP Referer header...
CVE-2018-9186
Fortinet FortiAuthenticator is affected in versions 4.0.0 through
New Relic: No CSRF validation on Account Monitors in Synthetics Block
Hello, there is no CSRF token validation on DELETING a "monitor" which we create in the synthetics section. DELETE /accounts/1338635/monitors/de70ee8d-2fa0-416c-8592-47ebde01aa7e.json HTTP/1.1 Host: synthetics.newrelic.com User-Agent: Mozilla/5.0 Windows NT 6.3; WOW64; rv:45.0 Gecko/20100101 Firefox/45...
Gratipay: Send email asynchronously
It seems like the https://gratipay.com/USER/emails/modify.json endpoint has some protection to prevent email flooding, as seen here https://github.com/gratipay/gratipay.com/blob/master/gratipay/models/participant.py#L407, plus CSRF validation. However, it is possible to flood the server with multipl...
No CSRF Validation
Overview Affected versions of droppy are vulnerable to cross-site socket forgery. The package does not perform verification for cross-domain websocket requests, and as a result, an attacker can create a web page that opens up a websocket connection on behalf of the user visiting the page. The...
Incorrect CSRF validation
More info at https://bakery.cakephp.org/2015/05/07/cakephp304released.html...
Invalid CSRF validation of null or incorrectly formatted token identifiers
More info at https://framework.zend.com/security/advisory/ZF2015-03...