14 matches found
CVE-2026-9591
CVE-2026-9591 documents a CSRF vulnerability in the SimplCommerce News module. The issue is in the NewsItemApiController and allows an unauthenticated remote attacker to create or modify news items as an administrator by submitting a crafted form to /api/news-items, due to missing anti-CSRF prote...
EUVD-2018-7415
Malware in sbrugna...
EUVD-2022-28618
Malicious code in bioql PyPI...
CVE-2023-2508
The PaperCutNG Mobility Print version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host in the "configure printer discovery" section. This is possible because the application has no protections against CSRF...
PT-2022-16190 · Aruba · Arubaos-Cx Switches
Name of the Vulnerable Software and Affected Versions: ArubaOS-CX Switches versions 10.06.0200 and below ArubaOS-CX Switches versions 10.08.1060 and below ArubaOS-CX Switches versions 10.09.1020 and below ArubaOS-CX Switches versions 10.10.0002 and below Description: The issue is related to the...
Cross-site Request Forgery (CSRF)
showdoc/showdoc is vulnerable to cross-site request forgery. The library does not verify the authenticity of requests due to a lack of anti-CSRF protection, allowing an attacker to create a new group for any item if users visit the attacker site...
CVE-2020-8658
The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccesseditor CSRF. The flag htccssnoncename passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In...
Cross site request forgery (csrf)
The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccesseditor CSRF. The flag htccssnoncename passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In...
CVE-2020-8658
The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccesseditor CSRF. The flag htccssnoncename passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In...
Cross site request forgery (csrf)
Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc...
CVE-2018-15539
Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc...
Cockpit CMS CSRF / XSS / Path Traversal
1 Path Traversal CVE-2018-15540 It is possible to read/write/delete files or list directories by using "../" to traverse to other folders via requests to /cockpit/media/api Example of a vulnerable request: POST /cockpit/media/api HTTP/1.1 Host: 192.168.5.129 User-Agent: Mozilla/5.0 Windows NT 10....
Front Accounting ERP 2.4.3 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications input type="submit" va...
4 TOTOLINK Router Models - CSRF and XSS Vulnerabilities
4 TOTOLINK router models suffer from cross site request forgery and cross site scripting vulnerabilities. Advisory Information Title: 4 TOTOLINK router models vulnerable to CSRF and XSS attacks Advisory URL: https://pierrekim.github.io/advisories/2015-totolink-0x01.txt Blog URL:...