247 matches found
CVE-2023-26847
A stored cross-site scripting XSS vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates...
CVE-2023-1421
A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter...
CVE-2019-10315
Jenkins GitHub Authentication Plugin 0.31 and earlier did not use the state parameter of OAuth to prevent CSRF...
CVE-2019-15150
In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function...
Cross-site Scripting (XSS)
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the dynamicoverrideconfig function, which is accessible through the state parameter at th...
PT-2025-4842 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: Librenms versions up to 24.10.1 Description: The issue is a stored XSS that affects the parameter: ajax form.php - param: state. This allows remote attackers to inject malicious scripts, which execute immediately when a user views or interact...
Complaint Management System /admin/state.php File SQL Injection Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from a lack of sufficient validation of the input of the state parameter in the /admin/state.php file. No details of the vulnerability are available at...
PHPGurukul Complaint Management System 注入漏洞
Complaint Management System is a complaint management system. Complaint Management System suffers from an SQL injection vulnerability that stems from a lack of sufficient validation of the input of the state parameter in the /admin/category.php file. No details of the vulnerability are available ...
PT-2024-17864 · Unknown · Phpgurukul Complaint Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Complaint Management System version 1.0 Description: A critical vulnerability has been found in the PHPGurukul Complaint Management System. This issue affects an unknown part of the file /admin/category.php. The manipulation of the...
CVE-2024-12977
A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/state.php. The manipulation of the argument state leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...
PHPGurukul Complaint Management System 安全漏洞
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from a lack of sufficient validation of the input of the state parameter in the /admin/state.php file. No details of the vulnerability are available at...
PT-2024-17839 · Unknown · Phpgurukul Complaint Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Complaint Management System version 1.0 Description: A critical issue has been found in the PHPGurukul Complaint Management System. This issue affects an unknown part of the /admin/state.php file. The manipulation of the state...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.38 bug fix and security update
Red Hat OpenShift Container Platform release 4.15.38 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a...
DEBIAN-CVE-2024-47878
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...
UBUNTU-CVE-2024-47878
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a tag in the output, so without escaping. An attacker could lead or redirect a user to a crafted URL containing...
Openshift Console insufficient entropy vulnerability
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery CSRF attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s...
CVE-2024-6508 Openshift-console: oauth2 insufficient state parameter entropy
An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery CSRF attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s...
PT-2024-37678 · Red Hat · Openshift Console
Name of the Vulnerable Software and Affected Versions: Openshift Console affected versions not specified Description: An insufficient entropy vulnerability was found in the Openshift Console, affecting the authorization code type and implicit grant type of the OAuth2 protocol. This vulnerability...
Red Hat OpenShift 安全特征问题漏洞
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat, Inc. that supports building, testing, deploying, and running applications. A security vulnerability exists in Red Hat OpenShift that stems from the OAuth2 protocol being vulnerable to cross-site request forge...
CVE-2024-42476 oauth CSRF vulnerability
In the OAuth library for nim prior to version 0.11, the Authorization Code grant and Implicit grant both rely on the state parameter to prevent cross-site request forgery CSRF attacks where a resource owner might have their session associated with protected resources belonging to an attacker. Whe...