Lucene search
K

28 matches found

Github Security Blog
Github Security Blog
added 2025/01/21 8:25 p.m.37 views

Cross-Site Request Forgery in CodeChecker API

Summary Cross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions. Details Security attributes like HttpOnly and SameSite are missing from the session cookie, allowing its use from XHR requests and...

8.2CVSS8.4AI score0.00243EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/05/31 9:15 p.m.1 views

UBUNTU-CVE-2024-34008

Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk...

8.8CVSS5.8AI score0.00318EPSS
Exploits0References3
OSV
OSV
added 2022/05/30 9:15 a.m.8 views

CVE-2022-0642

The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject...

5.4CVSS6.2AI score0.00292EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/07/27 12:0 a.m.20 views

uListing < 2.0.6 - Modify User Roles via CSRF

An Add/Edit User Roles via CSRF vulnerability was discovered in the plugin. Missing WPNonce security tokens https://codex.wordpress.org/WordPressNonces . PoC PoC | CSRF | Add/Edit User Roles: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: cookies User-Agent: Mozilla/5.0...

4.3CVSS0.5AI score0.00428EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2020/07/15 12:0 a.m.8 views

PT-2020-14595 · Open Source Matters · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.20 Description: A missing token check in the "ajax install" endpoint of com installer causes a CSRF issue. Recommendations: For versions prior to 3.9.20, update to version 3.9.20 or later to resolve the issue...

6.8CVSS7.2AI score0.00594EPSS
Exploits0References6
OSV
OSV
added 2018/02/21 8:29 p.m.3 views

CVE-2018-7305

MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitrary deletion of user accounts...

4.9CVSS5.9AI score0.0037EPSS
Exploits1References1
Atlassian
Atlassian
added 2015/07/08 2:41 a.m.22 views

Stop Watching Page in email footer is broken

The link is broken, the error message says that the security token is missing...

1.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/04/09 5:43 p.m.20 views

Users getting "XSRF Security Token Missing" when Creating Issues

When trying to use our JIRA instance we keep getting lots of permissions errors which makes JIRA very difficult to use. If we keep trying then eventually it works. This has been happening for about the last week or so. It's very annoying as you keep having to enter the issues of the JIRA you're...

0.4AI score
Exploits0Affected Software1
Rows per page
Query Builder