20 matches found
CVE-2025-59949
FreshRSS is a free, self-hostable RSS aggregator. Versions prior to 1.27.1 have a logout cross-site request forgery vulnerability that can lead to denial of service via . Version 1.27.1 patches the issue...
EUVD-2013-5995
Malware in sbrugna...
EUVD-2017-6553
Malware in sbrugna...
EUVD-2013-4637
Malware in sbrugna...
EUVD-2024-0506
Malicious code in bioql PyPI...
CVE-2024-23319
Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message...
CVE-2024-23319
Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message...
CVE-2024-23319
Affected software: Mattermost Jira Plugin. Vulnerability details: The plugin fails to protect against logout CSRF, allowing an attacker to disconnect a user’s Jira connection in Mattermost by simply viewing a crafted message. The issue lies in inadequate CSRF protection for logout-related actions...
CVE-2023-2416
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcitalogoutcallback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia...
Cross site request forgery (csrf)
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...
CVE-2017-15084
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22...
Weblate: Logout CSRF
Hi Team, This is a low risk but want you to know that logout on this domain demo.weblate.org did not protect the logout form with csrf token, therefor i can logout any user by sending this url https://demo.webplate.org/accounts/logout/. Logout should have post method with a valid csrf token. Let ...
HackerOne: (HackerOne SSO-SAML) Login CSRF, Open Redirect, and Self-XSS Possible Exploitation
Summary: Login CSRF, Open Redirect, and Self-XSS Possible Exploitation through HackerOne SSO-SAML PoC - Go to █████; Use a browser window with clear cookies. Source-code: setTimeoutfunctiondocument.location.href = "https://hackerone.com/users/saml/signin?email=████&rememberme=true";, 5000; Impact...
Legal Robot: CSRF
Security researcher identified a logout CSRF attack, which was later patched...
CVE-2013-6167
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
CVE-2013-6166
Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
Cross site request forgery (csrf)
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
CVE-2013-6167
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
Cross site request forgery (csrf)
Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
CVE-2013-6167
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...