
11 matches found

RedhatCVE
added 2025/05/23 3:36 a.m. | 4 views

CVE-2023-2850

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker...

CVSS 4.7 | AI score 6.4 | EPSS 0.00169
Exploits: 0 | References: 1
Vulnrichment
added 2024/10/16 7:52 a.m. | 13 views

CVE-2024-45693 Apache CloudStack: Request origin validation bypass makes account takeover possible

Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account...

CVSS 8 | AI score 7.2 | EPSS 0.00138
Exploits: 0 | References: 2
Cvelist
added 2024/10/16 7:52 a.m. | 16 views

CVE-2024-45693 Apache CloudStack: Request origin validation bypass makes account takeover possible

Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account...

CVSS 8 | EPSS 0.00138
Exploits: 0 | References: 2
CNVD
added 2020/08/06 12:00 a.m. | 1 views

Field Test gem Cross-Site Request Forgery Vulnerability

Field Test gem is an A/B testing software package. A cross-site request forgery vulnerability exists in the Field Test Ruby gem, versions 0.2.0 through 0.3.2. The vulnerability stems from a web application that does not adequately validate that a request is coming from a trusted user. An attacker coul...

CVSS 4.3 | AI score 6.9 | EPSS 0.00127
Exploits: 0 | References: 1
OpenVAS
added 2015/08/21 12:00 a.m. | 49 views

pfSense XSS and CSRF Vulnerabilities (pfSense-SA-15_04.webgui)

pfSense is prone to multiple cross-site scripting (XSS) vulnerabilities and a cross-site request forgery (CSRF) vulnerability.

CVSS 4.3 | AI score 6.9 | EPSS 0.01313
Exploits: 5 | References: 2
htbridge
added 2011/02/24 12:00 a.m. | 27 views

Multiple Vulnerabilities in CosmoShop

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in CosmoShop which can be exploited to perform cross-site scripting and cross-site request forgery attacks. 1. Cross-site scripting (XSS) vulnerabilities in CosmoShop. 1.1 The vulnerability exists due to input sanitatio...

CVSS 2.6 | AI score 6.7
Exploits: 0 | Affected Software: 1
htbridge
added 2011/02/17 12:00 a.m. | 44 views

Multiple Vulnerabilities in xtcModified

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in xtcModified which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1. Cross-site scripting (XSS) vulnerabilities in xtcModified. 1.1 The vulnerability exists due to input...

CVSS 5.1 | AI score 6.6
Exploits: 0 | Affected Software: 1
htbridge
added 2011/01/25 12:00 a.m. | 22 views

Multiple Vulnerabilities in ViArt Shop

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ViArt Shop which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1. Cross-site scripting (XSS) vulnerability in ViArt Shop. The vulnerability exists due to input sanitation...

CVSS 2.6 | AI score 6.5
Exploits: 0 | Affected Software: 1
htbridge
added 2010/12/28 12:00 a.m. | 37 views

Multiple Vulnerabilities in VaM Shop

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in VaM Shop which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1. Cross-site scripting (XSS) vulnerabilities in VaM Shop: CVE-2011-0504. 1.1 The vulnerability exists due to...

CVSS 5.1 | AI score 6.4 | EPSS 0.01985
Exploits: 2 | Affected Software: 1
htbridge
added 2010/09/29 12:00 a.m. | 11 views

Cross-site Request Forgery (CSRF) Vulnerabilities in Ronny CMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Ronny CMS which could be exploited to perform cross-site request forgery attacks. 1. Cross-site request forgery (CSRF) in Ronny CMS. 1.1 The vulnerability exists due to insufficient validation of the request origin i...

AI score 7.4
Exploits: 0 | Affected Software: 1
securityvulns
added 2007/06/27 12:00 a.m. | 79 views

[Full-disclosure] CheckPoint VPN-1 UTM Edge Cross Site Request Forgery vulnerability

Louhi Networks Oy -= Security Advisory =- Advisory: Checkpoint VPN-1 UTM Edge Cross Site Request Forgery. Release Date: 2007/06/26. Last Modified: 2007/06/26. Authors: Henri Lindberg, Associate of (ISC)²; Jussi Vuokko, CISSP. Application: Checkpoint VPN-1 Ed...

AI score 0.1
Exploits: 0