16 matches found
EUVD-2020-17763
Malware in sbrugna...
Open Redirect
Overview: googlesignin is a "Sign in or up with Google" library for Rails applications. Affected versions of this package are vulnerable to Open Redirect via the ensuresameorigin function in the redirectprotector.rb file. An attacker can cause users to be redirected to an attacker-controlled origin by...
CVE-2020-25070
USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature...
CVE-2024-6611
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox 128 and Thunderbird 128...
CVE-2024-22416 Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
pyLoad is a free and open-source download manager written in pure Python. The pyLoad API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attac...
Code injection
Using the S.browser_fallback_url parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent. This issue only affects Firefox for Android; other operating systems are not affected. This vulnerability affects Firefox 107...
Mozilla Firefox Input Validation Error Vulnerability (CNVD-2023-15819)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to an input validation error that could be exploited by an attacker to redirect a user to a URL and cause a SameSite=Strict cookie to be sent...
CVE-2022-45413
Using the S.browser_fallback_url parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent. This issue only affects Firefox for Android; other operating systems are not affected. This vulnerability affects Firefox 107...
Mozilla Firefox Input Validation Error Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to an input validation error that could be exploited by an attacker to redirect a user to a URL and cause a SameSite=Strict cookie to be sent...
Yelp: If the website does not impose additional defenses against CSRF attacks, failing to use the 'Lax' or 'Strict' values could increase the risk of exposure
Summary: Cookies are typically sent to third parties in cross-origin requests. This can be abused to perform CSRF attacks. Recently a new cookie attribute named SameSite was proposed to disable third-party usage for some cookies, in order to prevent CSRF attacks. Same-site cookies allow servers to mitigate the...
Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm
Description: Hi there, I would like to report a CSRF vulnerability in yetiforcecompany/yetiforcecrm. This allows an attacker to create a new admin. Even when SameSite: Strict is enabled, this can still be exploited by an attacker with the lowest-privilege account, e.g. guest. Proof of Concept + These are...
Cross site request forgery (csrf)
Opencast is an open source lecture capture and video management system for education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing the assumed HTTP method to be changed via a URL parameter. This allows attackers to turn HTTP GET requests into PUT requests, or an HTTP form to send DELETE...
Cross site request forgery (csrf)
USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature...
CVE-2020-25070
CVE-2020-25070 affects USVN (User-friendly SVN) prior to version 1.0.10. The issue is a cross-site request forgery (CSRF) flaw caused by the absence of the SameSite Strict cookie attribute. Impact is described as CSRF risk; no exploit details are provided in the sources. Remediation: upgrade to U...