Lucene search

96 matches found

OSV
added 2025/04/03 2:10 p.m. · 5 views

BIT-JOOMLA-2020-15700

An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability...

CVSS 6.8 · AI score 7.1 · EPSS 0.00594
Exploits: 0 · References: 2

OSV
added 2025/04/03 2:10 p.m. · 5 views

BIT-JOOMLA-2020-15695

An issue was discovered in Joomla! through 3.9.19. A missing token check in the remove request section of com_privacy causes a CSRF vulnerability...

CVSS 6.8 · AI score 6.6 · EPSS 0.00594
Exploits: 0 · References: 2

OSV
added 2025/04/03 2:10 p.m. · 4 views

BIT-JOOMLA-2020-13760

In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF...

CVSS 8.8 · AI score 7 · EPSS 0.00677
Exploits: 0 · References: 2

OSV
added 2025/04/03 2:9 p.m. · 4 views

BIT-JOOMLA-2020-10241

An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_templates lead to CSRF...

CVSS 8.8 · AI score 9.6 · EPSS 0.00677
Exploits: 0 · References: 2

Snyk
added 2025/02/27 7:46 a.m. · 3 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to the absence of CSRF token validation. An attacker can compromise account settings and data integrity by crafting malicious requests that can trigger state-changing operations on behalf of an...

CVSS 5.4 · AI score 6.8 · EPSS 0.00135
Exploits: 0 · References: 2

Positive Technologies
added 2024/11/12 12:0 a.m. · 4 views

PT-2024-10907 · Unknown · Socifi Guest Wifi

Name of the Vulnerable Software and Affected Versions: Socifi Guest wifi as SAAS (affected versions not specified). Description: The issue concerns a Cross Site Request Forgery (CSRF) vulnerability via the Socifi wifi portal. The application lacks a CSRF token and request validation, allowing an...

CVSS 4.7 · AI score 6.8 · EPSS 0.00166
Exploits: 0 · References: 8

VulnCheck KEV
added 2024/10/01 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2012-2626

cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action...

CVSS 5 · AI score 5.8 · EPSS 0.44458
Exploits: 5 · References: 1

OSV
added 2024/05/31 9:15 p.m. · 1 views

UBUNTU-CVE-2024-34007

The logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF...

CVSS 8.8 · AI score 5.8 · EPSS 0.00314
Exploits: 0 · References: 3

Positive Technologies
added 2024/05/31 12:0 a.m. · 3 views

PT-2024-25629 · Unknown +2 · Admin Preset Tool +2

Name of the Vulnerable Software and Affected Versions: Admin preset tool (affected versions not specified). Description: The issue is related to a CSRF risk due to the absence of a necessary token in actions within the admin preset tool. Recommendations: At the moment, there is no information about ...

CVSS 9.8 · AI score 5.5 · EPSS 0.00944
Exploits: 1 · References: 46

Positive Technologies
added 2024/05/31 12:0 a.m. · 4 views

PT-2024-25636 · Moodle +2 · Moodle +2

Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified). Description: The issue concerns a CSRF risk in the admin management of analytics models due to the lack of a necessary token. This could allow unauthorized actions on behalf of users. Recommendations: At...

CVSS 9.8 · AI score 5.5 · EPSS 0.00944
Exploits: 1 · References: 49

Positive Technologies
added 2024/05/29 12:0 a.m. · 3 views

PT-2024-40115 · Sylius · Sylius

Name of the Vulnerable Software and Affected Versions: Sylius versions 1.0.0 through 1.0.16; Sylius versions 1.1.0 through 1.1.8; Sylius versions 1.2.0 through 1.2.1. Description: The issue affects certain actions in the admin panel that did not require a CSRF token, including marking order's paymen...

CVSS 6.5 · AI score 7.3
Exploits: 0 · References: 5

ATTACKERKB
added 2023/11/17 6:15 a.m. · 3 views

CVE-2023-38315

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service...

CVSS 7.5 · AI score 7.1 · EPSS 0.00964
Exploits: 0 · References: 4

OSV
added 2023/06/21 1:15 p.m. · 3 views

CVE-2022-3372

There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CSRF token. This vulnerability could allow a remote attacker to access the administrator panel,...

CVSS 8.8 · AI score 5.9
Exploits: 0 · References: 1

ATTACKERKB
added 2023/03/23 9:15 p.m. · 2 views

CVE-2023-28335

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...

CVSS 8.8 · AI score 7.2 · EPSS 0.00409
Exploits: 0 · References: 3

Positive Technologies
added 2023/03/23 12:0 a.m. · 1 views

PT-2023-21658 · Moodle +6 · Moodle +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue is related to a link used to reset all templates of a database activity, which did not include the necessary token to prevent a CSRF risk. This could potentially allow...

CVSS 8.8 · AI score 6.9 · EPSS 0.00409
Exploits: 0 · References: 14

CNNVD
added 2023/02/03 12:0 a.m. · 3 views

imcat Cross-Site Request Forgery Vulnerability

Imcat is a PHP-based open source website building system. A security vulnerability exists in version 5.4 of imcat, which stems from the presence of cross-site request forgery, which can be exploited by a remote attacker to elevate privileges through the lack of token authentication...

CVSS 8.8 · AI score 7.8 · EPSS 0.00612
Exploits: 1 · References: 2

CNNVD
added 2023/02/01 12:0 a.m. · 5 views

Joomla! Cross-Site Request Forgery Vulnerability

Joomla! is a set of forum components used in the Joomla! content management system. A security vulnerability exists in Joomla! versions 4.0.0 through 4.2.6, which stems from a missing token check. An attacker can exploit this vulnerability to perform cross-site request forgery attacks...

CVSS 6.3 · AI score 6.3 · EPSS 0.0023
Exploits: 0 · References: 3

Positive Technologies
added 2023/01/20 12:0 a.m. · 5 views

PT-2023-32995 · Unknown · Csrfcomponent

Name of the Vulnerable Software and Affected Versions: CsrfComponent (affected versions not specified). Description: The issue is related to the CsrfComponent, which fails to invalidate requests that are missing both the CSRF token and CSRF post data. Recommendations: At the moment, there is no...

AI score 6.9
Exploits: 0 · References: 5

CNNVD
added 2022/04/11 12:0 a.m. · 3 views

Webmin Cross-Site Request Forgery Vulnerability

Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community. Webmin version 1.973 is vulnerable to cross-site request forgery, which stems from the lack of token validation for cross-site request forgery in the scheduled Cron job function. An...

CVSS 8.8 · AI score 5.4 · EPSS 0.02309
Exploits: 1 · References: 3

CNNVD
added 2022/04/11 12:0 a.m. · 2 views

Webmin Cross-Site Request Forgery Vulnerability

Webmin is the Webmin community's set of Web-based system administration tools for Unix-like operating systems. A cross-site request forgery vulnerability exists in Webmin version 1.973, which stems from a lack of token validation for cross-site request forgery in the upload and download functions...

CVSS 8.8 · AI score 5.4 · EPSS 0.02309
Exploits: 1 · References: 3