5 matches found
PT-2026-36317
Name of the Vulnerable Software and Affected Versions: The Ultimate Dashboard versions prior to 3.8.15. Description: Cross-Site Request Forgery occurs due to a flawed nonce validation conditional in the handle module actions function. This allows unauthenticated attackers to toggle plugin modules on...
CVE-2021-40335
A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This causes a Cross-Site Request Forgery (CSRF), which if exploited could lead an attack...
CVE-2021-40336
A vulnerability exists in the HTTP web interface where the web interface does not validate data in an HTTP header. This causes a possible HTTP response splitting, which if exploited could allow an attacker to deliver harmful code to the user's web browser, such as to steal the session...
Cisco Jabber Authorization Issues Vulnerability
Cisco Jabber is a set of unified communications client solutions from Cisco, a United States company. The program provides online status display, instant messaging, voice and other features. There is an authorization issue vulnerability in Cisco Jabber that arises from the software allowing...
Apple iOS WebKit address bar forgery vulnerability
Apple iOS is an operating system for Apple smart devices. A spoofing vulnerability exists in the address bar of the WebKit user interface used by Apple iOS, which allows an attacker to construct malicious links and trick users into clicking on them, which can spoof the address bar...