CVE-2026-26927

Szafir SDK Web is a browser plug-in that can run SzafirHost application which download the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...

Cross-Site Request Forgery (CSRF)

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit;...

Cross-Site Request Forgery (CSRF) in e107inc/e107

✍️ Description Attacker or malicious user is able to change emoticons activation status if a logged in user visits attacker website. 🕵️‍♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally emoticons deactivated //POC.html history.pushState'', '',...

Cross-Site Request Forgery (CSRF) in e107inc/e107

✍️ Description Attacker or malicious user is able to change URL configuration if a logged in user visits attacker website. because lack of CSRF token 🕵️‍♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally your search URL changed form /search.php...

Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

✍️ Description Attacker is able to change a user profile state to public if a logged in user visits attacker website. 🕵️‍♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check your profile state changed form private to public history.pushState'', '', '/'...

Opennms Group OpenNMS 跨站请求伪造漏洞

Opennms Group OpenNMS is an open source, enterprise-grade network monitoring and network management platform from the U.S.-based OpenNMS Group Opennms Group. A cross-site request forgery vulnerability exists in OpenNMS Meridian, which can be exploited by an attacker to trick administrators into...

CVE-2019-10779

All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS...

GHSA-XVWV-6WVX-PX9X Plone Open Redirect

By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login fo...

Cisco Ironport AsyncOS HTTP Header Injection

Cisco Ironport AsyncOS HTTP Header Injection Vendor: Cisco Product webpage: http://www.cisco.com Affected versions: Cisco Ironport ESA - AsyncOS 8.0.1-023 Cisco Ironport WSA - AsyncOS 8.5.5-021 Cisco Ironport SMA - AsyncOS 8.4.0-138 Date: 24/02/2015 Credits: Glafkos Charalambous CVE: CVE-2015-062...

IP Board 3.x CSRF - Token hjiacking Vulnerability

Usage Info Latest and propabbly previous IPB verions suffers on vulnerability, which allows attacker to steal CSRF token of specific user. Function, which allows users to share forum links, does not properly sanitize user input. Mentioned token is attached in request as GET parameter, so it's abl...