Lucene search

7 matches found

CNVD
added 2021/06/30 12:0 a.m. | 6 views

Machform Cross-Site Request Forgery Vulnerability

MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A cross-site request forgery (CSRF) vulnerability exists in versions prior to Machform 16. The vulnerability stems from a missing CSRF token. An attacker can exploit...

CVSS 8.8 | AI score 6.6 | EPSS 0.00145
Exploits: 0 | References: 1
OSV
added 2021/01/13 4:15 a.m. | 0 views

UBUNTU-CVE-2020-36191

JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an xsrf field, as demonstrated by a /hub/api/user request to add or remove a user account...

CVSS 4.5 | AI score 7.2 | EPSS 0.00124
Exploits: 1 | References: 3
Hacker One
added 2020/04/23 9:27 a.m. | 28 views

U.S. Dept Of Defense: CSRF - Modify Company Info

Target Url: ███/services/user/manageAccountCompany. Summary: Similar to ███████, but on a different endpoint. The application is missing a CSRF token on the Editing company info endpoint. This leads to a CSRF attack. Bypassing Content-Type: The application is just accepting Content-Type as application/json. Thi...

Exploits: 0
ATTACKERKB
added 2019/06/30 5:15 p.m. | 2 views

CVE-2019-13086

core/MYSecurity.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrfcsz parameter...

CVSS 9.8 | AI score 5.8 | EPSS 0.50772
Exploits: 2 | References: 2
CNVD
added 2018/09/04 12:0 a.m. | 1 views

idreamsoft iCMS Cross-Site Request Forgery Vulnerability (CNVD-2018-19090)

idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A cross-site request forgery vulnerability exists in the admincp.php file in version 7.0.11 of idreamsoft iCMS. The vulnerability stems from the detection of CSRFTOKEN when it does not exist, and the program...

CVSS 8.8 | AI score 8.8 | EPSS 0.00138
Exploits: 1 | References: 1
NVD
added 2017/07/17 9:29 p.m. | 11 views

CVE-2017-9934

Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability...

CVSS 6.1 | AI score 6.5 | EPSS 0.00411
Exploits: 0 | References: 3
Packet Storm
added 2014/10/19 12:0 a.m. | 21 views

Kimai.org Cross Site Request Forgery

Affected software: http://kimai.org
Type of vulnerability: csrf
URL: http://demo.kimai.org
Discovered by: Provensec
Website: http://www.provensec.com
Description: csrf vulnerability in status edit mechanism due to no csrf token
Proof of concept:...

AI score 0.9
Exploits: 0