163 matches found
Kliqqi CMS Cross-Site Request Forgery Vulnerability (CNVD-2024-37619)
Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of a cross-site request forgery vulnerability , the vulnerability stems from /admin/adminlog.php?clear=1 does not adequately verify that the request is from a trusted user , an attacker can use this...
Kliqqi CMS 安全漏洞
Kliqqi CMS Pligg CMS is Kliqqi open source a content management system . Kliqqi CMS v2.0.2 version of the cross-site request forgery vulnerability , the vulnerability stems from /admin/adminwidgets.php?action=remove&widget=Statistics does not adequately verify whether the request is from a truste...
CVE-2024-5815
A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit...
CVE-2024-5815
A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit...
CVE-2024-5815 Cross Site Request Forgery was identified in GitHub Enterprise Server that allowed write in a user owned repository
A Cross-Site Request Forgery vulnerability in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. A mitigating factor is that the attacker would have to be a trusted GitHub Enterprise Server user, and the victim would have to visit...
PT-2024-37177 · Github · Github Enterprise Server
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.14 Description: A Cross-Site Request Forgery issue in GitHub Enterprise Server allowed write operations on a victim-owned repository by exploiting incorrect request types. The attacker would have t...
October System module has an Open Redirect for Administrator Accounts
Impact This advisory affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema october:// allowed external links, therefore allowing an open redirect outside the scope of the active host. This...
WordPress Plugin LifterLMS 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
GNU Savane 安全漏洞
GNU Savane is a collaborative software development management system for the US GNU community. GNU Savane suffers from a cross-site request forgery vulnerability that arises from a WEB application that does not adequately verify that a request is from a trusted user. No details of the vulnerabili...
CVE-2024-29686
Server-side Template Injection SSTI vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the...
CVE-2024-29686
Server-side Template Injection SSTI vulnerability in Winter CMS v.1.2.3 allows a remote attacker to execute arbitrary code via a crafted payload to the CMS Pages field and Plugin components. NOTE: the vendor disputes this because the payload could only be entered by a trusted user, such as the...
IBM Engineering Requirements Management DOORS Next 跨站请求伪造漏洞
IBM Engineering Requirements Management DOORS is a requirements management tool. IBM Engineering Requirements Management DOORS suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to perform malicious and unauthorized actions from a user trusted by the site...
FlyCms 安全漏洞
FlyCms is sunkaifei open source an application . A similar to Zhihu to Q&A based on the fully open source JAVA language development of social network building program . FlyCms cross-site request forgery vulnerability , the vulnerability stems from /system/admin/addgroupsave location does not...
Omniauth::MicrosoftGraph Account takeover (nOAuth)
Summary The implementation did not validate the legitimacy of the email attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the email is used as a trusted user identifier...
IBM InfoSphere Information Server 跨站请求伪造漏洞
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. A cross-site request forgery vulnerability exists in IBM InfoSphere Information Server, which ca...
IBM Sterling B2B Integrator 安全漏洞
IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. IBM Sterling B2B Integrator suffe...
IceCMS Cross-Site Request Forgery Vulnerability
IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation . A cross-site request forgery vulnerability exists in IceCMS v2.0.1, which originates from a WEB application that does not adequately validate whether a request comes from a trusted user. An attack...
IceCMS 跨站请求伪造漏洞
IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation . A cross-site request forgery vulnerability exists in IceCMS v2.0.1, which originates from a WEB application that does not adequately validate whether a request comes from a trusted user. An attack...
CVE-2023-23473
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400...
IBM DB2 跨站请求伪造漏洞
IBM DB2 is a relational database management system from International Business Machines IBM, Inc. The system is implemented in UNIX, Linux, IBMi, z/OS, and Windows server versions.IBM DB2 is vulnerable to cross-site request forgery, which can be exploited by an attacker to perform malicious and...