5 matches found
CVE-2021-43807
Opencast is vulnerable to HTTP method spoofing in versions prior to 9.10. An attacker can override the intended HTTP method via a URL parameter, turning GET into PUT or form submissions into DELETE, enabling state-changing actions and CSRF bypasses. The issue is fixed in Opencast 9.10 and 10.0. M...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
โ๏ธ Description Attacker able to delete any reaction with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attack...
Cross-Site Request Forgery (CSRF) in namelessmc/nameless
โ๏ธ Description Attacker able to disable any module with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attacks...
Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts
โ๏ธ Description Attacker able to delete any number of Accounting Reports with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...
Cross-Site Request Forgery (CSRF) in aces/loris
โ๏ธ Description Attacker able to upload any document with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF attack...