16 matches found
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Cross-site scripting in "Maximum page reached" page; Private project guests can read new changes using a fork; Mirror repository error reveals password in Settings UI; DOS and high resource consumption of Prometheus server through abuse of Prometheus integration proxy endpoint...
CVE-2022-48320
Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Checkmk <= 2.0.0p31, and all versions of Checkmk 1.6.0 (EOL) allow an attacker to add new visual elements to multiple pages...
Design/Logic Flaw
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=addserver&DHCP= to add an authorized_keys text file in the /resources/ folder...
GHSA-984M-RJ28-8C6X Plone unauthorized member addition vulnerability
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator...
CVE-2021-39864
Adobe Commerce versions 2.4.2-p2 and earlier, 2.4.3 and earlier and 2.3.7p1 and earlier are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to...
Cross site request forgery (csrf)
Adobe Commerce versions 2.4.2-p2 and earlier, 2.4.3 and earlier and 2.3.7p1 and earlier are affected by a cross-site request forgery (CSRF) vulnerability via a Wishlist Share Link. Successful exploitation could lead to unauthorized addition to customer cart by an unauthenticated attacker. Access to...
Cross site request forgery (csrf)
Multiple modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows an attacker to add malicious email sources into the whitelist via user/savelist.php?ACSION=&type=email&category=white&locate=big5&cmd=add&email protected&newmemo=&add=%E6%96%B0%E5%A2%9E without any authorization...
CVE-2018-19544
JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news...
CVE-2018-16339
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser...
CVE-2018-11493
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add...
Cross site request forgery (csrf)
An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=articlecategory&do=save&frame=iPHP...
Cross site request forgery (csrf)
An issue was discovered in XYHCMS 3.5. It has CSRF via an index.php?g=Manage&m=Rbac&a=addUser request, resulting in addition of an account with the administrator role...
CVE-2017-15211
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link to a private project of another user...
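Live800 Online Customer Service: XSS + CSRF Allows Directly Adding an Administrator
Brief description: While M Guo was testing XSS, I barged in, found a few issues of my own, and am submitting them! Detailed description: First, straight to the payload:...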
Allomani E-Store 1.0 - Cross-Site Request Forgery (Add Admin) (2)
E-Store 1.0 XSRF Vulnerability Add Admin ==================================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://allomani.com/en/storescript.html === Exploit ===...
Ane CMS CSRF Vulnerability
Exploit for unknown platform in category web applications ========================== Ane CMS CSRF Vulnerability ========================== Vulnerability found in- Admin module Credit by Pratul Agrawal Software AneCMS Category CMS / Portals Platform php Proof of concept Targeted URL:...