254 matches found
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons
A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful...
hsweb cross-site request forgery vulnerability
hsweb is a set of projects for rapid construction of enterprise website backend management system, which integrates online code generation, rights management, single sign-on and dynamic multi-data source distributed transaction processing and other functions. hsweb 3.0.4 version of the...
CVE-2018-20595
A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful...
Cross site request forgery (csrf)
A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful...
CVE-2018-19925
An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. It has SQL injection via the member/memberorder.php type parameter, related to the Ostate parameter...
keycloak: XSS-Vulnerability with response_mode=form_post
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'responsemode=formpost' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login...
keycloak: XSS-Vulnerability with response_mode=form_post
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'responsemode=formpost' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login...
CVE-2018-15121
An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations...
Auth0 auth0.js library cross-site request forgery vulnerability
Auth0 auth0.js library is the United States Auth0 company's set of Auth0 development platform tool library . A cross-site request forgery vulnerability exists in versions of the Auth0 auth0.js library prior to 9.3, which stems from the program failing to properly handle the absence of the 'state'...
CVE-2018-7307
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter...
CVE-2018-7307
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter...
CVE-2018-7307
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter...
CVE-2017-17640
Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter...
CVE-2017-17640
Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter...
Sql injection
Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter...
CVE-2017-16540
OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter...
US Zip Codes Database Script SQL Injection Vulnerability
US Zip Codes Database Script is a set of US Zip Codes Database Scripts. A SQL injection vulnerability exists in US Zip Codes Database Script version 1.0. A remote attacker can exploit this vulnerability to inject SQL commands with the 'state' parameter...
CVE-2017-15980
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter...
CVE-2017-15980
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter...
Sql injection
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter...