10 matches found
EUVD-2022-3882
Malicious code in bioql PyPI...
Possible CSRF token fixation
Impact: When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. Patches: The problem is fixed in versi...
CVE-2023-25170 PrestaShop has possible CSRF token fixation
PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). When authenticating users, PrestaShop preserves session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to...
CVE-2022-24895: Possible CSRF token fixation
More info at https://symfony.com/cve-2022-24895...
CVE-2021-27181
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the...
CVE-2021-27181
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the...
Sensiolabs Symfony 2.7.x < 2.7.48, 2.8.x < 2.8.41, 3.3.x < 3.3.17, 3.4.x < 3.4.11, and 4.0.x < 4.0.11 Multiple Vulnerabilities
This host runs Symfony and is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if description...
CVE-2018-11406: CSRF Token Fixation
Affected versions: Symfony 2.7.0 to 2.7.47, 2.8.0 to 2.8.40, 3.3.0 to 3.3.16, 3.4.0 to 3.4.10, and 4.0.0 to 4.0.10 versions of the Symfony Security component are affected by this security issue. The issue has been fixed in Symfony 2.7.48, 2.8.41, 3.3.17, 3.4.11, and 4.0.11. 4.1.0 has also been fix...
Harvest: CSRF token fixation in Sign in with Google
Hi, there is a CSRF token fixation in Sign in with Google at https://id.getharvest.com/sessions/new. The state parameter is the same for any time login: https://id.getharvest.com/oauth2/callback?state=%7B%22intent%22:%22sign-in%22%7D&code=code Steps to reproduce: 1. Go to...
Shopify: CSRF token fixation in facebook store app that can lead to adding attacker to victim acc
Hey guys, I just found a CSRF token fixation in the Facebook store app, which is an official Shopify app. Link: https://docs.shopify.com/manual/more/official-shopify-apps/facebook-store The CSRF bug which connects attacker's Facebook account to victim's Shopify account. This is done by exploiting 'Connec...