33 matches found
SimpleRisk 20130915-01 - Multiple Vulnerabilities
No description provided by source. 1. Advisory Information Title: SimpleRisk v.20130915-01 CSRF-XSS Account Compromise Advisory ID: RS-2013-0001 Date Published: 2013-09-30 2. Vulnerability Information Type: Cross-Site Request Forgery CSRF CWE-352, OWASP-A8, Cross-Site Scripting XSS CWE-79, OWASP-...
CVE-2013-5749
Cross-site scripting (XSS) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to inject arbitrary web script or HTML via the new_project parameter...
CVE-2013-5748
Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that add projects via an add_project action...
Cross site scripting
Cross-site scripting (XSS) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to inject arbitrary web script or HTML via the new_project parameter...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that add projects via an add_project action...
CVE-2013-5749
CVE-2013-5749 describes a cross-site scripting (XSS) vulnerability in SimpleRisk, specifically in management/prioritize_planning.php, exploitable via the new_project parameter. It affects SimpleRisk versions before 20130916-001, enabling remote attackers to inject arbitrary web script/HTML. The c...
CVE-2013-5748
CVE-2013-5748 refers to a CSRF vulnerability in SimpleRisk’s management/prioritize_planning.php prior to version 20130916-001, which allows remote attackers to hijack user sessions for actions such as adding projects via add_project. The underlying issue is a Cross-Site Request Forgery that enabl...
SimpleRisk 20130915-01 - Multiple Vulnerabilities
Exploit for php platform in category web applications 1. Advisory Information Title: SimpleRisk v.20130915-01 CSRF-XSS Account Compromise Advisory ID: RS-2013-0001 Date Published: 2013-09-30 2. Vulnerability Information Type: Cross-Site Request Forgery CSRF CWE-352, OWASP-A8, Cross-Site Scripting...
SimpleRisk 20130915-01 Cross Site Request Forgery / Cross Site Scripting
Advisory Information Title: SimpleRisk v.20130915-01 CSRF-XSS Account Compromise Advisory ID: RS-2013-0001 Date Published: 2013-09-30 2. Vulnerability Information Type: Cross-Site Request Forgery CSRF CWE-352, OWASP-A8, Cross-Site Scripting XSS CWE-79, OWASP-A3 Impact: Full Account Compromise...
SimpleRisk 20130915-01 - Multiple Vulnerabilities
Advisory Information Title: SimpleRisk v.20130915-01 CSRF-XSS Account Compromise Advisory ID: RS-2013-0001 Date Published: 2013-09-30 2. Vulnerability Information Type: Cross-Site Request Forgery CSRF CWE-352, OWASP-A8, Cross-Site Scripting XSS CWE-79, OWASP-A3 Impact: Full Account Compromise...
SimpleRisk 20130915-01 - Multiple Vulnerabilities
SimpleRisk 20130915-01 - Multiple Vulnerabilities 1. Advisory Information Title: SimpleRisk v.20130915-01 CSRF-XSS Account Compromise Advisory ID: RS-2013-0001 Date Published: 2013-09-30 2. Vulnerability Information Type: Cross-Site Request Forgery CSRF CWE-352, OWASP-A8, Cross-Site Scripting XSS...