5 matches found
KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery Vulnerability
Exploit for jsp platform in category web applications Exploit Title: Application wide CSRF Bypass Date: Sep, 2017 Exploit Author: Saurabh Banawar Vendor Homepage: http://keystonejs.com/ Software Link: https://github.com/keystonejs/keystone Version: 4.0.0 Tested on: Windows 8.1 CVE : 2017-16570...
KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery
Exploit Title: Application wide CSRF Bypass Date: Sep, 2017 Exploit Author: Saurabh Banawar Vendor Homepage: http://keystonejs.com/ Software Link: https://github.com/keystonejs/keystone Version: 4.0.0 Tested on: Windows 8.1 CVE : 2017-16570 Link: https://vuldb.com/?id.109170 Exploit:...
KeystoneJS 4.0.0-beta.7 - Cross-Site Request Forgery
KeystoneJS 4.0.0-beta.7 - Cross-Site Request Forgery Exploit Title: Application wide CSRF Bypass Date: Sep, 2017 Exploit Author: Saurabh Banawar Vendor Homepage: http://keystonejs.com/ Software Link: https://github.com/keystonejs/keystone Version: 4.0.0 Tested on: Windows 8.1 CVE : 2017-16570 Lin...
CVE-2017-16570
KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7KEYJS03. In other words, it fails to reject requests that lack an x-csrf-token header...
CVE-2017-16570
KeystoneJS vulnerability CVE-2017-16570 affects KeystoneJS before 4.0.0-beta.7. The issue is a Cross-Site Request Forgery (CSRF) bypass where requests can bypass CSRF protection by removing the CSRF parameter/value, effectively not rejecting requests that lack an X-CSRF-Token header. Public detai...