CVE-2026-38566
HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/, feedback submission at /feedback/add/, interview scheduling at /interviews/add) are vulnerable to CSRF. An attacker who can...
Cross-site Request Forgery (CSRF)
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the commentDelete.json.php endpoint, which lacks proper validation of request origin and does not require a CSRF token. An...
Mura security vulnerability
Mura is a content management system developed by Mura Corporation. Mura versions 10.1.10 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the bundled package creation feature lacking CSRF token validation, which could lead to data leakage...
CVE-2019-16107
Missing form token validation in phpBB 3.2.7 allows CSRF in deleting post attachments...
CVE-2025-54390
Zimbra Collaboration (ZCS) CVE-2025-54390 is a CSRF in ResetPasswordRequest when zimbraFeatureResetPasswordStatus is enabled. An attacker can trick an authenticated user into visiting a malicious page that silently sends a crafted SOAP request to reset the user’s password due to missing CSRF toke...
Zimbra Collaboration security vulnerability
Zimbra Collaboration is an open source enterprise-class email and collaboration platform from Zimbra, Inc. that supports email, calendaring, document management, and team collaboration features. A security vulnerability exists in Zimbra Collaboration that stems from a lack of CSRF token validatio...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to the absence of CSRF token validation. An attacker can compromise account settings and data integrity by crafting malicious requests that can trigger state-changing operations on behalf of an...
CVE-2022-3372
There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross-Site Request Forgery due to the lack of proper validation of the CSRF token. This vulnerability could allow a remote attacker to access the administrator panel,...
Webmin cross-site request forgery vulnerability
Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. Webmin version 1.973 is vulnerable to cross-site request forgery, which stems from the lack of token validation for cross-site request forgery in the scheduled Cron job function. An...
Webmin cross-site request forgery vulnerability
Webmin is the Webmin community's set of Web-based system administration tools for Unix-like operating systems. A cross-site request forgery vulnerability exists in Webmin version 1.973, which stems from a lack of token validation for cross-site request forgery in the upload and download functions...
IceHrm cross-site request forgery vulnerability
IceHrm is a human resource management (HRM) system. The system includes features such as employee management, leave management and payroll management. A security vulnerability exists in IceHrm version 31.0.0.0S, which stems from the lack of token validation in the software for cross-site request...
qdPM cross-site request forgery vulnerability
qdPM is a Web-based open source project management tool. A cross-site request forgery vulnerability exists in qdPM version 9.2. The vulnerability stems from the lack of token validation in the software for cross-site request forgery, resulting in a cross-site request forgery vulnerability...
Jenkins Plugin cross-site request forgery vulnerability
Jenkins is an open source automation server that provides hundreds of plug-ins to support building, deploying and automating any project. A cross-site request forgery vulnerability exists in Jenkins Mailer that stems from the software's lack of validation f...
CVE-2018-19525
An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1TRUNK-20180914.bin devices. There is CSRF via /ui/?g=objkeywordsadd and /ui/?g=objkeywordsaddsave with resultant XSS because of a lack of csrf token validation...
CSRF Vulnerability in Cicada CMS 6.2
Cicada Knowledge Enterprise Portal System is an open source and free enterprise portal system. A CSRF vulnerability exists in Cicada Knowledge CMS version 6.2. The vulnerability stems from the lack of token validation on the background page of Cicada Knowledge CMS, which leads to the triggering of...
CSRF Cross-site Request Forgery Vulnerability at Add Administrator of Rice Shell Enterprise Website Builder 2016 Official Version
Rice Shell Enterprise Building System is an enterprise website building and content management system. A CSRF (cross-site request forgery) vulnerability exists in the Add Administrator function of Rice Shell Enterprise Website Builder System 2016 Official Version. As the packet of the add administrator operation is not token...