28 matches found
Cross-Site Request Forgery in CodeChecker API
Summary Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions. Details Security attributes like HttpOnly and SameSite are missing from the session cookie, allowing its use from XHR requests and...
UBUNTU-CVE-2024-34008
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk...
CVE-2022-0642
The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject...
uListing < 2.0.6 - Modify User Roles via CSRF
An Add/Edit User Roles via CSRF vulnerability was discovered in the plugin. Missing WPNonce security tokens https://codex.wordpress.org/WordPressNonces . PoC PoC | CSRF | Add/Edit User Roles: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: cookies User-Agent: Mozilla/5.0...
PT-2020-14595 · Open Source Matters · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.20 Description: A missing token check in the "ajax install" endpoint of com installer causes a CSRF issue. Recommendations: For versions prior to 3.9.20, update to version 3.9.20 or later to resolve the issue...
CVE-2018-7305
MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts...
Stop Watching Page in email footer is broken
The link is broken, the error message says that the security token is missing...
Users getting "XSRF Security Token Missing" when Creating Issues
When trying to use our JIRA instance we keep getting lots of permissions errors which makes JIRA very difficult to use. If we keep trying then eventually it works. This has been happening for about the last week or so. It's very annoying as you keep having to enter the issues of the JIRA you're...