3 matches found
CVE-2026-41656
Admidio is an open-source user management solution. Prior to version 5.0.9, the add mode in modules/documents-files.php accepts a name parameter validated only as 'string' type HTML encoding, allowing path traversal characters ../ to pass through unfiltered. Combined with the absence of CSRF...
Improper Input Validation
chromium is vulnerable to improper input validation. The vulnerability exists due to lack of validation of ancestor frames site when sending lax cookies in navigation in Google Chrome, allowing a malicious user to bypass SameSite cookie policy via a crafted HTML page...
CVE-2018-18351
Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page...