Cross-Site Request Forgery (CSRF)

com.liferay, com.liferay.change.tracking.web is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to insufficient request-validation mechanisms, which allows an attacker to trick users into unknowingly performing actions that add or edit publication comments...

The vulnerability of the opennextjs package from Cloudflare’s network traffic balancing service for web applications allows attackers to execute arbitrary code.

The vulnerability of the opennextjs package, a network traffic balancing service for Cloudflare’s web applications, relates to insufficient validation of incoming requests. Exploiting this vulnerability allows an attacker to execute arbitrary code by manipulating requests sent from the server’s...

The vulnerability of the modOSCE component of the Trend Micro Apex Central security monitoring and management tool allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the modOSCE component of the Trend Micro Apex Central security monitoring and management tool is related to insufficient checking of incoming requests. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected informatio...

The vulnerability of the SEL-5037 SEL Grid Configurator software in terms of creating, managing, and deploying energy systems allows a hacker to perform a CSRF attack due to insufficient verification of the authenticity of the executed requests.

The vulnerability of the SEL-5037 SEL Grid Configurator software, which is used for creating, managing, and deploying energy systems, stems from insufficient verification of the authenticity of the requests being made. Exploiting this vulnerability could allow a malicious actor to carry out a CSR...

livehelperchat 跨站请求伪造漏洞

livehelperchat is available through live helper chat and can be used to provide live support on the website for free. A cross-site request forgery vulnerability exists in livehelperchat, which stems from a WEB application that does not adequately validate that a request is coming from a trusted...

WordPress 插件 跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. The Push Notifications plugin for WordPress...

Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Request Forgery Vulnerability (CNVD-2020-17147)

Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site request forgery vulnerability exists in Chadha Software Technologies PHPKB Standard Multi-Language. The vulnerability...

Sourcecodester Restaurant Management System Cross-Site Request Forgery Vulnerability

Sourcecodester Restaurant Management System is a restaurant management system. A cross-site request forgery vulnerability exists in the admin/staff-exec.php file in version 1.0 of the Sourcecodester Restaurant Management System, which originates from a WEB application that does not adequately...