7 matches found
CVE-2025-62190
Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 and Mattermost Calls versions =1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...
GHSA-GMX5-FRV9-9M9F Mattermost has CSRF vulnerability via Calls Widget page
Mattermost versions 11.0.x 11.0.4, 10.12.x = 10.12.2, 10.11.x 10.11.6 and Mattermost Calls versions 1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious webpa...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the Calls widget page. An attacker can initiate calls and inject messages into channels or direct messages by tricking an authenticated user into visiting a malicious webpage or clicking a crafted lin...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a lack of CSRF protection on the Calls widget page, which could lead to an attacker initiating a call and injecting a message into a...
CVE-2025-9626
The Page Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the adminprocesswidgetpagechange function. This makes it possible for unauthenticated attackers to modify widget pa...
EUVD-2025-33848
The Page Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the adminprocesswidgetpagechange function. This makes it possible for unauthenticated attackers to modify widget pa...
CVE-2025-9626 Page Blocks <= 1.1.0 - Cross-Site Request Forgery
The Page Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the adminprocesswidgetpagechange function. This makes it possible for unauthenticated attackers to modify widget pa...