Lucene search
K

97 matches found

CNNVD
CNNVD
added 2022/04/11 12:0 a.m.2 views

Webmin 跨站请求伪造漏洞

Webmin is the Webmin community's set of Web-based system administration tools for Unix-like operating systems. A cross-site request forgery vulnerability exists in Webmin version 1.973, which stems from a lack of token validation for cross-site request forgery in the upload and download functions...

8.8CVSS5.4AI score0.02309EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/04/08 12:0 a.m.3 views

IBM Sterling B2B Integrator 跨站请求伪造漏洞

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates important B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with different partner communities.BM Sterling B2B Integrator is vulnerable to a cross-site...

8.8CVSS5.5AI score0.00369EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/07 12:0 a.m.4 views

qdPM 跨站请求伪造漏洞

qdPM is a Web-based open source project management tool. A cross-site request forgery vulnerability exists in qdPM version 9.2. The vulnerability stems from the lack of token validation in the software for cross-site request forgery, resulting in a cross-site request forgery vulnerability...

8.8CVSS7.7AI score0.0375EPSS
Exploits4References5
CNNVD
CNNVD
added 2022/04/07 12:0 a.m.6 views

IceHrm 跨站请求伪造漏洞

IceHrm is a human resource management Hrm system. The system includes features such as employee management, leave management and payroll management. A security vulnerability exists in IceHrm version 31.0.0.0S, which stems from the lack of token validation in the software for cross-site request...

6.5CVSS6.3AI score0.0057EPSS
Exploits4References4
CNNVD
CNNVD
added 2022/01/12 12:0 a.m.7 views

Jenkins Plugin 跨站请求伪造漏洞

Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . A cross-site request forgery vulnerability exists in Jenkins Mailer that stems from the software's lack of validation f...

4.3CVSS5.5AI score0.00957EPSS
Exploits0References9
CNNVD
CNNVD
added 2021/12/14 12:0 a.m.4 views

Adobe Connect 跨站请求伪造漏洞

Adobe Connect is a software used to create meeting environments by Adobe. Adobe Connect suffers from a cross-site request forgery vulnerability that stems from the software's lack of token authentication for cross-site request forgery, which can be exploited by an attacker to trigger an arbitrary...

7.3AI score
Exploits0References3
Huntr
Huntr
added 2021/08/24 2:5 p.m.7 views

Cross-Site Request Forgery (CSRF) in myvesta/vesta

✍️ Description The download/web-log endpoint does not have CSRF Protection. This could be used to force download access log and potentially sensitive information leakage. 🕵️‍♂️ Proof of Concept Login to user account. Create the following POC.html file and open the page in browser. To verify that...

0.5AI score
Exploits0References1
CNNVD
CNNVD
added 2021/06/29 12:0 a.m.4 views

Machform 跨站请求伪造漏洞

MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A cross-site request forgery CSRF vulnerability exists in versions prior to Machform 16. The vulnerability stems from a missing CSRF token. An attacker can exploit...

8.8CVSS5.5AI score0.00508EPSS
Exploits0References4
CNVD
CNVD
added 2021/05/27 12:0 a.m.9 views

Joomla! cross-site request forgery vulnerability (CNVD-2021-38295)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site request forgery vulnerability exists in the AJAX reordering endpoint...

6.5CVSS6.6AI score0.00604EPSS
Exploits0References1
CNVD
CNVD
added 2021/05/27 12:0 a.m.4 views

Joomla! cross-site request forgery vulnerability (CNVD-2021-38296)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site request forgery vulnerability exists in combanners and comsysinfo in...

6.5CVSS6.6AI score0.00604EPSS
Exploits0References1
Prion
Prion
added 2021/05/26 11:15 a.m.27 views

Cross site request forgery (csrf)

An issue was discovered in Joomla! 3.0.0 through 3.9.26. A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint...

4.3CVSS6.4AI score0.00604EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/05/26 12:0 a.m.38 views

Joomla! 3.x < 3.9.27 Multiple Vulnerabilities

According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.9.27. It is, therefore, affected by multiple vulnerabilities. - HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. CVE-2021-26032...

6.5CVSS6.1AI score0.0098EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2021/05/26 12:0 a.m.5 views

PT-2021-16926 · Joomla · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.0.0 through 3.9.26 Description: A missing token check causes a CSRF issue in the "AJAX reordering endpoint". Recommendations: For Joomla! versions 3.0.0 through 3.9.26, update to a version that includes the fix for the...

6.5CVSS7.3AI score0.00604EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/05/25 12:0 a.m.6 views

Joomla! 跨站请求伪造漏洞

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A cross-site request forgery vulnerability exists in the AJAX reordering endpoint...

6.5CVSS5.4AI score0.00604EPSS
Exploits0References3
OSV
OSV
added 2021/05/17 1:15 p.m.3 views

CVE-2021-32403

Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery CSRF due to lack of security mechanisms for token protection and unsafe inputs and modules...

8.8CVSS7.3AI score
Exploits0References2
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2021/05/07 12:0 a.m.48 views

[20210502] - Core - CSRF in AJAX reordering endpoint

A missing token check causes a CSRF vulnerability in the AJAX reordering endpoint...

6.5CVSS3.3AI score0.00604EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2021/03/02 12:0 a.m.18 views

e107 跨站请求伪造漏洞

e107 is an open source, free and PHP and MySQL based Content Management System CMS from the E107 team. The system supports a variety of plug-ins and appearance themes, and can be used as a personal blog, discussion community, archive repository and so on. A cross-site request forgery vulnerabilit...

8.8CVSS7.7AI score0.03207EPSS
Exploits3References6
CNVD
CNVD
added 2020/12/30 12:0 a.m.2 views

Zammad Cross-Site Request Forgery Vulnerability (CNVD-2020-75514)

Zammad is a suite of ticket management software from the German company Zammad. A cross-site request forgery vulnerability exists in versions prior to Zammad 3.5.1, which stems from a lack of CSRF token checking in the Labeling and Linking REST API endpoints used for additions and deletions. No...

5.8CVSS6.8AI score0.00355EPSS
Exploits0References1
NVD
NVD
added 2020/12/28 8:15 p.m.19 views

CVE-2020-35615

An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing token check in the emailexport feature of comprivacy causes a CSRF vulnerability...

6.8CVSS6.3AI score0.00395EPSS
Exploits0References1
NVD
NVD
added 2020/07/15 4:15 p.m.24 views

CVE-2020-15700

An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajaxinstall endpoint of cominstaller causes a CSRF vulnerability...

6.8CVSS0.00594EPSS
Exploits0References1
Rows per page
Query Builder