Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

✍️ Description Attacker is able to change a user profile state to hidden if a logged in user visits attacker website. 🕵️‍♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check your profile state changed to hidden history.pushState'', '', '/' document.forms0.submit;...

MediaWiki 信息泄露漏洞

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. An information disclosure vulnerability exists in versions of MediaWiki prior...