Lucene search
K

254 matches found

Github Security Blog
Github Security Blog
added 2019/01/04 5:43 p.m.31 views

Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons

A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful...

8.8CVSS2AI score0.00638EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2018/12/31 12:0 a.m.4 views

hsweb cross-site request forgery vulnerability

hsweb is a set of projects for rapid construction of enterprise website backend management system, which integrates online code generation, rights management, single sign-on and dynamic multi-data source distributed transaction processing and other functions. hsweb 3.0.4 version of the...

8.8CVSS7.3AI score0.00638EPSS
Exploits1References1
NVD
NVD
added 2018/12/30 6:29 p.m.16 views

CVE-2018-20595

A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful...

8.8CVSS8.8AI score0.00638EPSS
Exploits1References2
Prion
Prion
added 2018/12/30 6:29 p.m.21 views

Cross site request forgery (csrf)

A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful...

6.8CVSS8.8AI score0.00638EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2018/12/06 11:29 p.m.2 views

CVE-2018-19925

An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. It has SQL injection via the member/memberorder.php type parameter, related to the Ostate parameter...

9.8CVSS5.8AI score0.01135EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2018/11/13 6:20 p.m.4 views

keycloak: XSS-Vulnerability with response_mode=form_post

A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'responsemode=formpost' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login...

5.4CVSS5.8AI score0.01194EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/11/13 6:15 p.m.5 views

keycloak: XSS-Vulnerability with response_mode=form_post

A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'responsemode=formpost' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login...

5.4CVSS5.8AI score0.01194EPSS
Exploits0References4
NVD
NVD
added 2018/08/29 3:29 a.m.19 views

CVE-2018-15121

An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...

8.8CVSS8.8AI score0.00486EPSS
Exploits0References1
CNVD
CNVD
added 2018/03/08 12:0 a.m.7 views

Auth0 auth0.js library cross-site request forgery vulnerability

Auth0 auth0.js library is the United States Auth0 company's set of Auth0 development platform tool library . A cross-site request forgery vulnerability exists in versions of the Auth0 auth0.js library prior to 9.3, which stems from the program failing to properly handle the absence of the 'state'...

8.8CVSS7AI score0.00522EPSS
Exploits0References1
NVD
NVD
added 2018/03/06 3:29 p.m.23 views

CVE-2018-7307

The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter...

8.8CVSS8.7AI score0.00522EPSS
Exploits0References1
OSV
OSV
added 2018/03/06 3:29 p.m.16 views

CVE-2018-7307

The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter...

8.8CVSS7.2AI score0.00522EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/03/06 3:0 p.m.28 views

CVE-2018-7307

The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter...

8.8AI score0.00522EPSS
Exploits0References1
OSV
OSV
added 2017/12/13 9:29 a.m.5 views

CVE-2017-17640

Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter...

9.8CVSS5.8AI score0.02204EPSS
Exploits1References2
NVD
NVD
added 2017/12/13 9:29 a.m.14 views

CVE-2017-17640

Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter...

9.8CVSS10AI score0.02204EPSS
Exploits1References2
Prion
Prion
added 2017/12/13 9:29 a.m.13 views

Sql injection

Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter...

7.5CVSS9.9AI score0.02204EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2017/11/04 7:29 p.m.19 views

CVE-2017-16540

OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter...

7.5CVSS7.4AI score0.01253EPSS
Exploits5References3
CNVD
CNVD
added 2017/11/01 12:0 a.m.4 views

US Zip Codes Database Script SQL Injection Vulnerability

US Zip Codes Database Script is a set of US Zip Codes Database Scripts. A SQL injection vulnerability exists in US Zip Codes Database Script version 1.0. A remote attacker can exploit this vulnerability to inject SQL commands with the 'state' parameter...

9.8CVSS8.3AI score0.02652EPSS
Exploits5References1
OSV
OSV
added 2017/10/31 7:29 a.m.4 views

CVE-2017-15980

US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter...

9.8CVSS5.8AI score0.02652EPSS
Exploits5References1
NVD
NVD
added 2017/10/31 7:29 a.m.20 views

CVE-2017-15980

US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter...

9.8CVSS9.9AI score0.02652EPSS
Exploits5References1
Prion
Prion
added 2017/10/31 7:29 a.m.11 views

Sql injection

US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter...

7.5CVSS9.9AI score0.02652EPSS
Exploits5References1Affected Software1
Rows per page
Query Builder