6 matches found
CVE-2026-28508
Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...
CVE-2026-28508
Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...
EUVD-2026-9984
Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...
CVE-2026-28508 Idno: Unauthenticated SSRF via URL Unfurl Endpoint
Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...
CVE-2026-28508
CVE-2026-28508 affects Idno: prior to 1.6.4, a logic error in the API authentication flow and missing login requirement on the URL unfurl endpoint results in CSRF protection bypass for unauthenticated requests. An attacker can set X-IDNO-USERNAME and X-IDNO-SIGNATURE headers to trigger is_api_req...
Idno Vulnerable to Unauthenticated SSRF via URL Unfurl Endpoint
Summary A logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoint itself, this allows an attacker to force the server ...