177 matches found
PT-2023-22224 · Ibm · Ibm Sterling Connect:Express For Unix
Name of the Vulnerable Software and Affected Versions: IBM Sterling Connect:Express for UNIX version 1.5 Description: The issue is related to the use of cookies without the SameSite attribute in the browser UI, making it vulnerable to certain attacks. Recommendations: For IBM Sterling...
New MVC Shop 1.0 SQL Injection / Missing Attributes Vulnerability
Title: new-mvc-shop-1.0 - SQLi + SameSite attribute weak security PHPSESSID Hijacking Author: nu11secur1ty Vendor: https://chikoiquan.tanhongit.com/ Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0 Reference: https://portswigger.net/web-security/sql-injection Description: The...
SvelteKit framework has Insufficient CSRF protection for CORS requests
Summary The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...
GHSA-GV7G-X59X-WF8F SvelteKit framework has Insufficient CSRF protection for CORS requests
Summary The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...
Cross site request forgery (csrf)
The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...
CVE-2023-29008
CVE-2023-29008 (SvelteKit CSRF issue) is described across multiple sources as a CSRF protection bypass in versions prior to 1.15.2. The vulnerability arises because the internal CSRF check (respond.js) relies on a Content-Type comparison that can be bypassed when an upper-cased Content-Type heade...
CVE-2023-29008 SvelteKit framework has Insufficient CSRF protection for CORS requests
The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...
CVE-2023-29008 SvelteKit framework has Insufficient CSRF protection for CORS requests
The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...
pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Exploit
Exploit Title: pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Author: nu11secur1ty Vendor: https://pimcore.com/en Software: https://packagist.org/packages/pimcore/skeleton Reference:...
pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute
Exploit Title: pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Author: nu11secur1ty Date: 01.11.2023 Vendor: https://pimcore.com/en Software: https://packagist.org/packages/pimcore/skeleton Reference:...
SameSite Attribute vulnerability in pimCore
An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code...
GHSA-R2VQ-P658-P274 SameSite Attribute vulnerability in pimCore
An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code...
CVE-2023-25240
An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code...
CVE-2023-25240
CVE-2023-25240 concerns pimCore v10.5.15, where an improper SameSite Attribute vulnerability allows attackers to execute arbitrary code. The connected documents confirm the affected software and the underlying issue (SameSite handling) but do not provide a concrete exploitation method, affected c...
CVE-2023-25240
An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code...
PT-2023-20000 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: pimCore version 10.5.15 Description: The issue is related to an improper SameSite Attribute, which allows attackers to execute arbitrary code. Recommendations: For pimCore version 10.5.15, update to a version that fixes the improper SameSite...
CVE-2023-25240
An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code...
CVE-2023-25240
An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code...
pimCore 5.4.18 - PHPSESSID cookie Session Exploit
Title: pimCore-5.4.18-skeleton Sensitive Cookie with Improper SameSite Attribute - PHPSESSID cookie Session vulnerability Author: nu11secur1ty Vendor: https://pimcore.com/en Software: https://packagist.org/packages/pimcore/skeleton Reference:...
Mozilla Firefox Input Validation Error Vulnerability (CNVD-2023-03059)
Mozilla Firefox, an open source web browser from the Mozilla Foundation, is vulnerable to an input validation error that results from a request initiated in reader mode that does not properly omit cookies with the SameSite attribute. An attacker could use this vulnerability to elevate privileges ...