CVE-2025-59891

Cross-Site request forgery CSRF vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. This vulnerability is possible due to the lack of...

CVE-2021-24618

The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting XSS. Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated...

DEBIAN-CVE-2020-8166

A CSRF forgery vulnerability exists in rails 5.2.5, rails 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticitytoken meta tag, forge a per-form CSRF token...

CVE-2020-8166

A CSRF forgery vulnerability exists in rails 5.2.5, rails 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticitytoken meta tag, forge a per-form CSRF token...

CVE-2020-8166

CVE-2020-8166 is a CSRF forgery vulnerability in Ruby on Rails (affecting Rails < 5.2.5 and Rails

CVE-2020-8166

A CSRF forgery vulnerability exists in rails 5.2.5, rails 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticitytoken meta tag, forge a per-form CSRF token...

CVE-2020-8166

A flaw was found in rubygem-actionpack. Forgery of a per-form CSRF token is possible allowing for any action to take place for that session. The highest threat from this vulnerability is to data integrity...

PT-2020-19995 · Ruby On Rails +3 · Rails +3

Name of the Vulnerable Software and Affected Versions: rails versions prior to 5.2.5 rails versions prior to 6.0.4 Description: A CSRF forgery issue exists that allows an attacker to forge a per-form CSRF token given a global CSRF token, such as the one present in the authenticity token meta tag...