Lucene search
+L

163 matches found

cnvd
cnvd
added 2024/08/23 12:0 a.m.21 views

Kliqqi CMS Cross-Site Request Forgery Vulnerability (CNVD-2024-37619)

Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of a cross-site request forgery vulnerability , the vulnerability stems from /admin/adminlog.php?clear=1 does not adequately verify that the request is from a trusted user , an attacker can use this...

8.8CVSS6.7AI score0.00201EPSS
Exploits1References1
cnnvd
cnnvd
added 2024/08/20 12:0 a.m.5 views

Kliqqi CMS 安全漏洞

Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of the cross-site request forgery vulnerability , the vulnerability stems from /admin/adminwidgets.php?action=remove&widget=Statistics does not adequately verify whether the request is from a truste...

8.8CVSS7AI score0.00279EPSS
Exploits1References2
osv
osv
added 2024/07/16 10:15 p.m.5 views

CVE-2024-5815

A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit...

6.5CVSS5.8AI score0.0025EPSS
Exploits0References5
nvd
nvd
added 2024/07/16 10:15 p.m.22 views

CVE-2024-5815

A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit...

6.8CVSS0.0025EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2024/07/16 9:26 p.m.18 views

CVE-2024-5815 Cross Site Request Forgery was identified in GitHub Enterprise Server that allowed write in a user owned repository

A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit...

6.8CVSS6.4AI score0.0025EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2024/07/16 12:0 a.m.5 views

PT-2024-37177 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: A Cross-Site Request Forgery issue in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. The attacker would have t...

6.8CVSS7.2AI score0.0025EPSS
Exploits0References9
github
github
added 2024/06/26 5:42 p.m.26 views

October System module has an Open Redirect for Administrator Accounts

Impact This advisory affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema october:// allowed external links, therefore allowing an open redirect outside the scope of the active host. This...

4.8CVSS6.7AI score0.00265EPSS
Exploits0References3Affected Software1
cnnvd
cnnvd
added 2024/04/12 12:0 a.m.7 views

WordPress Plugin LifterLMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS6.7AI score0.00322EPSS
Exploits0References2
cnnvd
cnnvd
added 2024/04/08 12:0 a.m.5 views

GNU Savane 安全漏洞

GNU Savane is a collaborative software development management system for the US GNU community. GNU Savane suffers from a cross-site request forgery vulnerability that arises from a WEB application that does not adequately verify that a request is from a trusted user. No details of the vulnerabili...

6CVSS6.8AI score0.00417EPSS
Exploits2References5
nvd
nvd
added 2024/03/29 4:15 p.m.32 views

CVE-2024-29686

Server-side Template Injection SSTI vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the...

7.2CVSS7.7AI score0.01821EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2024/03/29 12:0 a.m.15 views

CVE-2024-29686

Server-side Template Injection SSTI vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the...

8AI score0.01821EPSS
Exploits1References3
cnnvd
cnnvd
added 2024/03/01 12:0 a.m.5 views

IBM Engineering Requirements Management DOORS Next 跨站请求伪造漏洞

IBM Engineering Requirements Management DOORS is a requirements management tool. IBM Engineering Requirements Management DOORS suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to perform malicious and unauthorized actions from a user trusted by the site...

6.5CVSS8.6AI score0.00247EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/01/18 12:0 a.m.4 views

FlyCms 安全漏洞

FlyCms is sunkaifei open source an application . A similar to Zhihu to Q&A based on the fully open source JAVA language development of social network building program . FlyCms cross-site request forgery vulnerability , the vulnerability stems from /system/admin/addgroupsave location does not...

8.8CVSS6.8AI score0.00324EPSS
Exploits1References2
github
github
added 2024/01/03 9:46 p.m.19 views

Omniauth::MicrosoftGraph Account takeover (nOAuth)

Summary The implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the email is used as a trusted user identifier...

9.8CVSS7AI score0.00904EPSS
Exploits1References6Affected Software1
cnnvd
cnnvd
added 2023/12/01 12:0 a.m.5 views

IBM InfoSphere Information Server 跨站请求伪造漏洞

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site request forgery vulnerability exists in IBM InfoSphere Information Server, which ca...

8.8CVSS6.3AI score0.00299EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/11/22 12:0 a.m.4 views

IBM Sterling B2B Integrator 安全漏洞

IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. IBM Sterling B2B Integrator suffe...

8.8CVSS6.6AI score0.00288EPSS
Exploits0References3
cnvd
cnvd
added 2023/10/30 12:0 a.m.17 views

IceCMS Cross-Site Request Forgery Vulnerability

IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation . A cross-site request forgery vulnerability exists in IceCMS v2.0.1, which originates from a WEB application that does not adequately validate whether a request comes from a trusted user. An attack...

6.5CVSS6.6AI score0.00219EPSS
Exploits1References1
cnnvd
cnnvd
added 2023/10/26 12:0 a.m.6 views

IceCMS 跨站请求伪造漏洞

IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation . A cross-site request forgery vulnerability exists in IceCMS v2.0.1, which originates from a WEB application that does not adequately validate whether a request comes from a trusted user. An attack...

6.5CVSS6.8AI score0.00219EPSS
Exploits1References4
osv
osv
added 2023/08/28 1:15 a.m.8 views

CVE-2023-23473

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400...

8.8CVSS5.7AI score0.00293EPSS
Exploits0References2
cnnvd
cnnvd
added 2022/12/12 12:0 a.m.6 views

IBM DB2 跨站请求伪造漏洞

IBM DB2 is a relational database management system from International Business Machines IBM, Inc. The system is implemented in UNIX, Linux, IBMi, z/OS, and Windows server versions.IBM DB2 is vulnerable to cross-site request forgery, which can be exploited by an attacker to perform malicious and...

8.8CVSS6.5AI score0.00471EPSS
Exploits0References3
Rows per page
Query Builder