23 matches found
Cross site scripting
The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...
CVE-2022-29555
The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking...
Cross-site Request Forgery (CSRF)
github.com/gobuffalo/buffalo is vulnerable to cross-site request forgery CSRF attacks. The library does not disable cross-origin websocket requests, allowing a malicious user to conduct a cross-site request forgery attack...