PT-2021-22896 · Unknown · Livehelperchat

Name of the Vulnerable Software and Affected Versions: livehelperchat affected versions not specified Description: The issue is related to Cross-Site Request Forgery CSRF, which allows an attacker to log out a user if the logged-in user visits the attacker's website. This cannot harm the user's...

CVE-2021-24939

The LoginWP Formerly Peter's Login Redirect WordPress plugin before 3.0.0.5 does not sanitise and escape the rulloginurl and rullogouturl parameter before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue...

Cross-Site Request Forgery (CSRF) in babybuddy/babybuddy

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

Millions of GoDaddy customer data compromised in breach

Domain name registrar giant and hosting provider GoDaddy yesterday disclosed to the Securities and Exchange Commission SEC that it had suffered a security breach. In the notice, it explained it had been compromised via an "unauthorized third-party access to our Managed WordPress hosting...

Cross-Site Request Forgery (CSRF) in zmister2016/mrdoc

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

Cross-Site Request Forgery (CSRF) in kunstmaan/kunstmaanbundlescms

Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState'', '', '/' document.forms0.submit; Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...

Cross-Site Request Forgery (CSRF) in bytefury/crater

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET. To expand: One way GET could be abused...

Cross-Site Request Forgery (CSRF) in code16/sharp

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET. To expand: One way GET could be abused...

GHSA-CW7P-Q79F-M2V7 incomplete JupyterHub logout with simultaneous JupyterLab sessions

Impact Users of JupyterLab with JupyterHub who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated after logout, if another active JupyterLab session is...

incomplete JupyterHub logout with simultaneous JupyterLab sessions

Impact Users of JupyterLab with JupyterHub who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated after logout, if another active JupyterLab session is...

Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET. To expand: One way GET could be abused...

Cross-Site Request Forgery (CSRF) in baijunyao/laravel-bjyblog

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET. To expand: One way GET could be abused...

Cross-Site Request Forgery (CSRF) in snipe/snipe-it

Description Attacker is able to logout a user if a logged in user visits attacker website. Impact This vulnerability is capable of forging user to unintentional logout. Test Tested on Edge, firefox, chrome and safari. Fix You should use POST instead of GET. To expand: One way GET could be abused...

Session Fixation

jupyterhub is vulnerable to session fixation. The vulnerability exists due to the incomplete logout in the single-user server. An attacker is able to reinstate another user's session if another active session is open...

CVE-2021-41247

JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated...

DEBIAN-CVE-2021-41247

JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated...

CVE-2021-41247

JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated...

PYSEC-2021-386

JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated...