MAL-2025-46660 Malicious code in xanadu-csrf-module-npm (npm)

The package xanadu-csrf-module-npm was found to contain malicious code...

Malicious code in xanadu-csrf-module-npm (npm)

The package xanadu-csrf-module-npm was found to contain malicious code...

CVE-2025-47909 Improper validation of TrustedOrigins allows CSRF attacks in github.com/gorilla/csrf

Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...

CVE-2019-9875

Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter...

CVE-2019-9874

Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF aka anti CSRF module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter CSRFTOKEN...