Lucene search
K

177 matches found

Positive Technologies
Positive Technologies
added 2023/07/19 12:0 a.m.4 views

PT-2023-22224 · Ibm · Ibm Sterling Connect:Express For Unix

Name of the Vulnerable Software and Affected Versions: IBM Sterling Connect:Express for UNIX version 1.5 Description: The issue is related to the use of cookies without the SameSite attribute in the browser UI, making it vulnerable to certain attacks. Recommendations: For IBM Sterling...

5.3CVSS5AI score0.00412EPSS
Exploits0References5
0day.today
0day.today
added 2023/05/29 12:0 a.m.266 views

New MVC Shop 1.0 SQL Injection / Missing Attributes Vulnerability

Title: new-mvc-shop-1.0 - SQLi + SameSite attribute weak security PHPSESSID Hijacking Author: nu11secur1ty Vendor: https://chikoiquan.tanhongit.com/ Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0 Reference: https://portswigger.net/web-security/sql-injection Description: The...

7.4AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/04/07 7:23 p.m.669 views

SvelteKit framework has Insufficient CSRF protection for CORS requests

Summary The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...

8.8CVSS8.8AI score0.00373EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/04/07 7:23 p.m.40 views

GHSA-GV7G-X59X-WF8F SvelteKit framework has Insufficient CSRF protection for CORS requests

Summary The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...

8.8CVSS8.9AI score0.00373EPSS
Exploits1References4
Prion
Prion
added 2023/04/06 5:15 p.m.19 views

Cross site request forgery (csrf)

The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...

6.8CVSS8.9AI score0.00373EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/04/06 4:36 p.m.89 views

CVE-2023-29008

CVE-2023-29008 (SvelteKit CSRF issue) is described across multiple sources as a CSRF protection bypass in versions prior to 1.15.2. The vulnerability arises because the internal CSRF check (respond.js) relies on a Content-Type comparison that can be bypassed when an upper-cased Content-Type heade...

8.8CVSS8.9AI score0.00373EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/04/06 4:36 p.m.56 views

CVE-2023-29008 SvelteKit framework has Insufficient CSRF protection for CORS requests

The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...

8.8CVSS9.2AI score0.00373EPSS
Exploits1References2
OSV
OSV
added 2023/04/06 4:36 p.m.23 views

CVE-2023-29008 SvelteKit framework has Insufficient CSRF protection for CORS requests

The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery CSRF protection to its users. The protection is...

8.8CVSS8.6AI score0.00373EPSS
Exploits1References4
0day.today
0day.today
added 2023/04/03 12:0 a.m.225 views

pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Exploit

Exploit Title: pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Author: nu11secur1ty Vendor: https://pimcore.com/en Software: https://packagist.org/packages/pimcore/skeleton Reference:...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/03 12:0 a.m.170 views

pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute

Exploit Title: pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Author: nu11secur1ty Date: 01.11.2023 Vendor: https://pimcore.com/en Software: https://packagist.org/packages/pimcore/skeleton Reference:...

7.4AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/02/13 9:31 p.m.28 views

SameSite Attribute vulnerability in pimCore

An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code...

8.8CVSS8.8AI score0.00974EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/02/13 9:31 p.m.30 views

GHSA-R2VQ-P658-P274 SameSite Attribute vulnerability in pimCore

An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code...

8.8CVSS8.9AI score0.00974EPSS
Exploits1References4
NVD
NVD
added 2023/02/13 9:15 p.m.24 views

CVE-2023-25240

An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code...

8.8CVSS8.9AI score0.00974EPSS
Exploits1References2
CVE
CVE
added 2023/02/13 12:0 a.m.78 views

CVE-2023-25240

CVE-2023-25240 concerns pimCore v10.5.15, where an improper SameSite Attribute vulnerability allows attackers to execute arbitrary code. The connected documents confirm the affected software and the underlying issue (SameSite handling) but do not provide a concrete exploitation method, affected c...

8.8CVSS8.9AI score0.00974EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/02/13 12:0 a.m.24 views

CVE-2023-25240

An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code...

9.1AI score0.00974EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/02/13 12:0 a.m.8 views

PT-2023-20000 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: pimCore version 10.5.15 Description: The issue is related to an improper SameSite Attribute, which allows attackers to execute arbitrary code. Recommendations: For pimCore version 10.5.15, update to a version that fixes the improper SameSite...

8.8CVSS8.9AI score0.00974EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2023/02/13 12:0 a.m.7 views

CVE-2023-25240

An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code...

8.9AI score0.00974EPSS
Exploits1References2
OSV
OSV
added 2023/02/13 12:0 a.m.21 views

CVE-2023-25240

An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code...

8.8CVSS8.9AI score0.00974EPSS
Exploits1References4
0day.today
0day.today
added 2023/01/12 12:0 a.m.333 views

pimCore 5.4.18 - PHPSESSID cookie Session Exploit

Title: pimCore-5.4.18-skeleton Sensitive Cookie with Improper SameSite Attribute - PHPSESSID cookie Session vulnerability Author: nu11secur1ty Vendor: https://pimcore.com/en Software: https://packagist.org/packages/pimcore/skeleton Reference:...

7.4AI score
Exploits0
CNVD
CNVD
added 2023/01/06 12:0 a.m.36 views

Mozilla Firefox Input Validation Error Vulnerability (CNVD-2023-03059)

Mozilla Firefox, an open source web browser from the Mozilla Foundation, is vulnerable to an input validation error that results from a request initiated in reader mode that does not properly omit cookies with the SameSite attribute. An attacker could use this vulnerability to elevate privileges ...

6.1CVSS4.8AI score0.00644EPSS
Exploits1References1
Rows per page
Query Builder