5 matches found
CVE-2026-40929
WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/commentDelete.json.php is a state-mutating JSON endpoint that deletes comments but performs no CSRF validation. It does not call forbidIfIsUntrustedRequest, does not verify a CSRF/global token, and does not check...
CVE-2024-3083
A “CWE-352: Cross-Site Request Forgery CSRF” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...
CVE-2024-3083
A “CWE-352: Cross-Site Request Forgery CSRF” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...
CVE-2024-3083
A “CWE-352: Cross-Site Request Forgery CSRF” can be exploited by remote attackers to perform state-changing operations with administrative privileges by luring authenticated victims into visiting a malicious web page...
CVE-2023-41178
Reflected cross-site scripting XSS vulnerabilities in Trend Micro Mobile Security Enterprise could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41176...