Lucene search
+L

35 matches found

Snyk
Snyk
added 2025/01/14 3:40 p.m.4 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the backend user interface functionality involving deep links. An attacker can manipulate the state-changing actions and delete items by sending a crafted URL to a logged-in user. Note: This is...

5.1CVSS6.9AI score0.00191EPSS
Exploits0References2
Snyk
Snyk
added 2025/01/14 3:40 p.m.5 views

Exposed Dangerous Method or Function

Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the backend user interface functionality involving deep links. An attacker can manipulate or delete persisted form definitions by deceiving a...

5.4CVSS6.9AI score0.00186EPSS
Exploits0References2
Snyk
Snyk
added 2025/01/14 3:25 p.m.6 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the backend user interface functionality involving deep links. An attacker can manipulate the victim's dashboard configuration by deceiving the victim into interacting with a malicious URL while...

5.1CVSS6.9AI score0.00191EPSS
Exploits0References2
Snyk
Snyk
added 2025/01/14 3:25 p.m.17 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the Backend User Module. An attacker can manipulate user actions by tricking a victim into visiting a malicious URL while logged into the backend. Note: This is only exploitable if...

5.4CVSS6.9AI score0.00239EPSS
Exploits0References2
Snyk
Snyk
added 2025/01/14 3:24 p.m.4 views

Exposed Dangerous Method or Function

Overview Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the Log Module. An attacker can manipulate log entries by deceiving a user into interacting with a malicious URL while logged into the backend user interface. Note: This is only exploitable if...

5.1CVSS6.9AI score0.00239EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.10 views

PT-2025-3160 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptible to Cross-Site Request Forgery CSRF. State-changing actions in...

4.3CVSS6.8AI score0.00222EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.18 views

PT-2025-3152 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptible to Cross-Site Request Forgery CSRF. State-changing actions in...

8CVSS6.9AI score0.00255EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/10/22 12:0 a.m.4 views

PT-2024-30358 · Ibm · Ibm Concert

Name of the Vulnerable Software and Affected Versions: IBM Concert versions 1.0.0 through 1.0.1 Description: The issue concerns attacks that rely on the use of cookies without the SameSite attribute. Recommendations: For versions 1.0.0 and 1.0.1, consider configuring cookies to include the SameSi...

3.7CVSS6.5AI score0.00209EPSS
Exploits0References5
OSV
OSV
added 2023/07/19 2:15 a.m.8 views

CVE-2023-29259

IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055...

5.3CVSS5.5AI score0.00475EPSS
Exploits0References2
0day.today
0day.today
added 2023/04/03 12:0 a.m.226 views

pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Exploit

Exploit Title: pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Author: nu11secur1ty Vendor: https://pimcore.com/en Software: https://packagist.org/packages/pimcore/skeleton Reference:...

6.8AI score
Exploits0
OSV
OSV
added 2023/02/22 9:58 p.m.19 views

GHSA-FMXQ-V8MG-QH25 apollo-portal has potential CSRF issue

Impact A low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Patches Cookie SameSite strategy was set to Lax in 4664 and was...

5.7CVSS5.4AI score0.00351EPSS
Exploits0References7
NVD
NVD
added 2023/02/20 4:15 p.m.42 views

CVE-2023-25569

Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cooki...

5.7CVSS5.5AI score0.00351EPSS
Exploits0References5
Prion
Prion
added 2023/02/20 4:15 p.m.19 views

Design/Logic Flaw

Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cooki...

3.5CVSS5.5AI score0.00351EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2023/02/20 3:12 p.m.58 views

CVE-2023-25569

CVE-2023-25569 (Apollo portal) : Prior to version 2.1.0, a low-privileged user can trigger creation of a special web page that an authenticated portal admin might visit, allowing the page to silently issue a request to assign new roles to that user without admin confirmation. This is effectively ...

5.7CVSS5.5AI score0.00351EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/04/04 12:0 a.m.7 views

The vulnerability of Google Chrome browser, related to insufficient validation of input data, allows a hacker to circumvent the Cookie SameSite policy.

The vulnerability of Google Chrome lies in the lack of proper validation of cookie-related frames during the sending of cookies. Exploiting this vulnerability allows a remote attacker to circumvent the Cookie SameSite policy by using a specially created HTML page...

6.5CVSS7.1AI score0.0255EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder