8015 matches found

Veracode
added 2025/01/22 5:12 a.m. · 8 views

Cross-Site Request Forgery (CSRF)

typo3/cms-lowlevel is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper handling of deep links in the backend user interface, caused by insufficient enforcement of HTTP methods and reliance on misconfigured security settings and allows an attacker to manipulate...

6.5 CVSS · 6.8 AI score · 0.00218 EPSS
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2025/01/22 12:0 a.m. · 3 views

The vulnerability of the SAP GUI graphical user interface for Java allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the SAP GUI graphical user interface for Java relates to the disclosure of system data by unauthorized parties in the controlled area. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

6 CVSS · 5.8 AI score · 0.0019 EPSS
Exploits 0 · References 2
CNNVD
added 2025/01/22 12:0 a.m. · 4 views

IBM Robotic Process Automation Cross-Site Scripting Vulnerability

IBM Robotic Process Automation is a robotic process automation product from International Business Machines (IBM), Inc. that helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. A cross-site scripting vulnerability exists in IBM Robotic Process Automatio...

5.4 CVSS · 5.8 AI score · 0.00199 EPSS
Exploits 0 · References 2
Veracode
added 2025/01/21 4:55 a.m. · 9 views

Cross-Site Request Forgery (CSRF)

typo3/cms-belog is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the backend user interface functionality involving deep links, which allows state-changing actions via HTTP GET without enforcing the appropriate HTTP method and allows an attacker to exploit the “Log...

4.3 CVSS · 6.8 AI score · 0.00235 EPSS
Exploits 0 · References 7 · Affected Software 1
Positive Technologies
added 2025/01/21 12:0 a.m. · 4 views

PT-2025-2901 · IBM · IBM Robotic Process Automation for Cloud Pak

Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation for Cloud Pak versions 21.0.0 through 21.0.7.19 IBM Robotic Process Automation for Cloud Pak versions 23.0.0 through 23.0.19 Description: This issue allows an authenticated user to embed arbitrary JavaScript cod...

5.4 CVSS · 6.6 AI score · 0.00199 EPSS
Exploits 0 · References 7
BDU FSTEC
added 2025/01/20 12:0 a.m. · 3 views

The vulnerability of the SmartScreen security component against phishing and malicious software attacks in Windows operating systems allows attackers to carry out spear-phishing attacks.

The vulnerability of the SmartScreen security component against phishing and malicious programs in Windows operating systems is related to errors in information representation by the user interface. Exploiting this vulnerability allows a remote attacker to carry out phishing attacks...

7.8 CVSS · 7.8 AI score · 0.0137 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/01/18 12:0 a.m. · 2 views

PT-2025-46164

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 142.0.7444.59 Description: A flaw in Google Chrome’s Fullscreen UI could allow a remote attacker to perform UI spoofing. This is possible if an attacker convinces a user to perform specific UI gestures on a craft...

8.8 CVSS · 6.4 AI score · 0.06806 EPSS
Exploits 2 · References 89
SUSE CVE
added 2025/01/16 3:48 a.m. · 3 views

SUSE CVE-2025-0446

Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...

4.3 CVSS · 6.5 AI score · 0.00276 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/01/16 12:0 a.m. · 9 views

PT-2025-2609 · IBM · IBM CICS TX Advanced +1

Name of the Vulnerable Software and Affected Versions: IBM CICS TX Advanced versions 10.1 through 11.1 IBM CICS TX Standard version 11.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...

7.2 CVSS · 6.3 AI score · 0.00228 EPSS
Exploits 0 · References 6
Vulnrichment
added 2025/01/15 10:58 a.m. · 9 views

CVE-2025-0443

Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

8.4 AI score · 0.00445 EPSS
Exploits 1 · References 2
NVD
added 2025/01/14 8:15 p.m. · 12 views

CVE-2024-55922

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

5.4 CVSS · 0.00183 EPSS
Exploits 0 · References 2
NVD
added 2025/01/14 8:15 p.m. · 14 views

CVE-2024-55923

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

4.3 CVSS · 0.00188 EPSS
Exploits 0 · References 2
NVD
added 2025/01/14 8:15 p.m. · 13 views

CVE-2024-55924

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

8 CVSS · 0.00251 EPSS
Exploits 0 · References 2
NVD
added 2025/01/14 8:15 p.m. · 42 views

CVE-2024-55945

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

6.5 CVSS · 0.00218 EPSS
Exploits 0 · References 2
NVD
added 2025/01/14 8:15 p.m. · 12 views

CVE-2024-55893

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

4.3 CVSS · 0.00235 EPSS
Exploits 0 · References 5
NVD
added 2025/01/14 8:15 p.m. · 13 views

CVE-2024-55921

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

8.8 CVSS · 0.00352 EPSS
Exploits 0 · References 2
NVD
added 2025/01/14 8:15 p.m. · 36 views

CVE-2024-55894

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

5.4 CVSS · 0.00235 EPSS
Exploits 0 · References 5
NVD
added 2025/01/14 8:15 p.m. · 12 views

CVE-2024-55920

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

4.3 CVSS · 0.00188 EPSS
Exploits 0 · References 2
Cvelist
added 2025/01/14 8:0 p.m. · 16 views

CVE-2024-55893 TYPO3 Cross-Site Request Forgery in Log Module

TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstrea...

4.3 CVSS · 0.00235 EPSS
Exploits 0 · References 5
CVE
added 2025/01/14 8:0 p.m. · 58 views

CVE-2024-55893

TYPO3 CVE-2024-55893 is a CSRF vulnerability in the backend UI deep-link handling and in the Log Module that can let an attacker remove log entries. Exploitation requires an active session and a user interaction with a malicious URL, aided by misconfigurations: security.backend.enforceReferrer di...

4.3 CVSS · 4.7 AI score · 0.00235 EPSS
Exploits 0 · References 5 · Affected Software 1