97 matches found
Webmin 跨站请求伪造漏洞
Webmin is the Webmin community's set of Web-based system administration tools for Unix-like operating systems. A cross-site request forgery vulnerability exists in Webmin version 1.973, which stems from a lack of token validation for cross-site request forgery in the upload and download functions...
IBM Sterling B2B Integrator 跨站请求伪造漏洞
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates important B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with different partner communities.BM Sterling B2B Integrator is vulnerable to a cross-site...
qdPM 跨站请求伪造漏洞
qdPM is a Web-based open source project management tool. A cross-site request forgery vulnerability exists in qdPM version 9.2. The vulnerability stems from the lack of token validation in the software for cross-site request forgery, resulting in a cross-site request forgery vulnerability...
IceHrm 跨站请求伪造漏洞
IceHrm is a human resource management Hrm system. The system includes features such as employee management, leave management and payroll management. A security vulnerability exists in IceHrm version 31.0.0.0S, which stems from the lack of token validation in the software for cross-site request...
Jenkins Plugin 跨站请求伪造漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . A cross-site request forgery vulnerability exists in Jenkins Mailer that stems from the software's lack of validation f...
Adobe Connect 跨站请求伪造漏洞
Adobe Connect is a software used to create meeting environments by Adobe. Adobe Connect suffers from a cross-site request forgery vulnerability that stems from the software's lack of token authentication for cross-site request forgery, which can be exploited by an attacker to trigger an arbitrary...
Cross-Site Request Forgery (CSRF) in myvesta/vesta
✍️ Description The download/web-log endpoint does not have CSRF Protection. This could be used to force download access log and potentially sensitive information leakage. 🕵️♂️ Proof of Concept Login to user account. Create the following POC.html file and open the page in browser. To verify that...
Machform 跨站请求伪造漏洞
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A cross-site request forgery CSRF vulnerability exists in versions prior to Machform 16. The vulnerability stems from a missing CSRF token. An attacker can exploit...
Joomla! cross-site request forgery vulnerability (CNVD-2021-38295)
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site request forgery vulnerability exists in the AJAX reordering endpoint...
Joomla! cross-site request forgery vulnerability (CNVD-2021-38296)
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site request forgery vulnerability exists in combanners and comsysinfo in...
Cross site request forgery (csrf)
An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint...
Joomla! 3.x < 3.9.27 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.9.27. It is, therefore, affected by multiple vulnerabilities. - HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. CVE-2021-26032...
PT-2021-16926 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.0.0 through 3.9.26 Description: A missing token check causes a CSRF issue in the "AJAX reordering endpoint". Recommendations: For Joomla! versions 3.0.0 through 3.9.26, update to a version that includes the fix for the...
Joomla! 跨站请求伪造漏洞
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site request forgery vulnerability exists in the AJAX reordering endpoint...
CVE-2021-32403
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery CSRF due to lack of security mechanisms for token protection and unsafe inputs and modules...
[20210502] - Core - CSRF in AJAX reordering endpoint
A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint...
e107 跨站请求伪造漏洞
e107 is an open source, free and PHP and MySQL based Content Management System CMS from the E107 team. The system supports a variety of plug-ins and appearance themes, and can be used as a personal blog, discussion community, archive repository and so on. A cross-site request forgery vulnerabilit...
Zammad Cross-Site Request Forgery Vulnerability (CNVD-2020-75514)
Zammad is a suite of ticket management software from the German company Zammad. A cross-site request forgery vulnerability exists in versions prior to Zammad 3.5.1, which stems from a lack of CSRF token checking in the Labeling and Linking REST API endpoints used for additions and deletions. No...
CVE-2020-35615
An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of comprivacy causes a CSRF vulnerability...
CVE-2020-15700
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajaxinstall endpoint of cominstaller causes a CSRF vulnerability...