65 matches found

Snyk
added 2026/04/15 11:15 a.m. | 3 views

Cross-site Request Forgery (CSRF)

Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the authentication process. An attacker can modify a user's authentication method by tricking the user into visiting a malicious page. Remediation: Upgrade...

8.1 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits 0 | References 2

RedhatCVE
added 2026/01/09 11:19 a.m. | 3 views

CVE-2021-22351

There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may induce users to grant permissions on modifying items in the configuration table, causing system exceptions...

8.1 CVSS | 6.7 AI score | 0.00153 EPSS
Exploits 0 | References 1

Positive Technologies
added 2025/12/24 12:0 a.m. | 1 views

PT-2025-53320

SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by tricking logged-in users into visiting malicious websites or injecting malicious...

5.3 CVSS | 6.7 AI score | 0.00016 EPSS
Exploits 1 | References 4

RedhatCVE
added 2025/12/09 11:32 p.m. | 1 views

CVE-2025-64498

Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers to trick victims into changing tracker general settings. Th...

4.6 CVSS | 6.7 AI score | 0.00017 EPSS
Exploits 0 | References 1

CVE
added 2025/12/09 8:9 a.m. | 5 views

CVE-2025-41748

Summary (CVE-2025-41748): A reflected XSS vulnerability in the web application module pxc_Dot1xCfg.php allows an unauthenticated attacker to trick an authenticated user into clicking a malicious link that changes device configuration parameters via the web-based management interface (WBM). The im...

7.1 CVSS | 5.9 AI score | 0.00125 EPSS
Exploits 0 | References 1 | Affected Software 1

NVD
added 2025/12/08 11:15 p.m. | 1 views

CVE-2025-64498

Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers to trick victims into changing tracker general settings. Th...

4.6 CVSS | 0.00017 EPSS
Exploits 0 | References 4

CNVD
added 2025/07/25 12:0 a.m. | 2 views

Complaint Management System Cross-Site Request Forgery Vulnerability

Complaint Management System is a complaint management system. The Complaint Management System suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker could use this...

5.3 CVSS | 6.8 AI score | 0.00212 EPSS
Exploits 1 | References 1

CNNVD
added 2025/06/20 12:0 a.m. | 1 views

WordPress plugin ClipLink Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress ClipLink plugin, which arises from a web application that does not adequately validate that a request is comin...

4.3 CVSS | 6.6 AI score | 0.00084 EPSS
Exploits 0 | References 1

RedHat Linux
added 2025/06/16 5:24 a.m. | 3 views

firefox: thunderbird: Potential local code execution in “Copy as cURL” command

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, leading to local code execution on the user's system...

4.8 CVSS | 7.7 AI score | 0.00134 EPSS
Exploits 0 | References 6

CNNVD
added 2025/01/14 12:0 a.m. | 1 views

TYPO3 Security Vulnerability

TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3. By exploiting the vulnerability, an attacker can trick a user into interacting with a malicious URL targeting the backend...

8.8 CVSS | 6.4 AI score | 0.02894 EPSS
Exploits 0 | References 4

CNNVD
added 2024/08/22 12:0 a.m. | 1 views

Kashipara Hotel Management System Security Vulnerability

Kashipara Hotel Management System is a hotel management system from Kashipara. A cross-site request forgery vulnerability exists in Kashipara Hotel Management System v1.0, which can be exploited by an attacker to forge a malicious request and trick a victim into clicking on it to perform a...

6.8 CVSS | 6.8 AI score | 0.00131 EPSS
Exploits 1 | References 3

Cvelist
added 2024/08/06 12:38 p.m. | 20 views

CVE-2024-7523

A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This issue only affects Android versions of Firefox. This vulnerability affects Firefox 129...

0.00115 EPSS
Exploits 0 | References 2

OSV
added 2023/07/26 2:15 p.m. | 13 views

CVE-2023-39153

A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account...

5.4 CVSS | 6.9 AI score
Exploits 0 | References 2

NVD
added 2023/07/12 4:15 p.m. | 12 views

CVE-2023-37961

A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account...

8.8 CVSS | 0.00094 EPSS
Exploits 0 | References 2

Cvelist
added 2023/07/12 3:52 p.m. | 10 views

CVE-2023-37961

A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account...

8.9 AI score | 0.00094 EPSS
Exploits 0 | References 2

NVD
added 2023/01/26 9:18 p.m. | 19 views

CVE-2023-24446

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account...

8.8 CVSS | 8.7 AI score | 0.00116 EPSS
Exploits 0 | References 1

OSV
added 2022/11/23 3:15 p.m. | 0 views

UBUNTU-CVE-2022-45149

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a...

5.4 CVSS | 6.1 AI score | 0.00303 EPSS
Exploits 0 | References 5

CNNVD
added 2022/11/08 12:0 a.m. | 1 views

Microsoft SharePoint Security Vulnerability

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. Microsoft SharePoint Server is vulnerable to spoofing. An attacker could exploit the vulnerability with a specially crafted website to spoof content and trick users into believing that the site i...

6.5 CVSS | 6.5 AI score | 0.1834 EPSS
Exploits 0 | References 5

CNNVD
added 2022/07/20 12:0 a.m. | 1 views

Cybozu Office Cross-Site Scripting Vulnerability

Cybozu Office is a web-based, cross-platform collaborative office solution from Cybozu. Cybozu Office suffers from a cross-site scripting vulnerability that can be exploited by a remote attacker to trick a victim into following a specially crafted link and executing arbitrary HTML and script code...

6.1 CVSS | 5.8 AI score | 0.00189 EPSS
Exploits 0 | References 5

Redos
added 2022/02/22 12:0 a.m. | 55 views

ROS-20220210-01

A vulnerability in Mozilla Thunderbird email client and Firefox browser is related to incorrect handling of extension updates. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into installing a particular type of browser extension and, during automatic...

9.6 CVSS | 8.7 AI score | 0.00533 EPSS
Exploits 1