Lucene search
K

22 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.11 views

Mattermost Server 11.4.x <= 11.4.3 / 11.5.x <= 11.5.1 Origin Validation Error (MMSA-2026-00636)

The version of Mattermost Server installed on the remote host is affected by a vulnerability as referenced in the MMSA-2026-00636 advisory. - Mattermost versions 11.5.x = 11.5.1, 11.4.x = 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an...

4.3CVSS5.8AI score0.00113EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.13 views

Mattermost doesn't validate the X-Requested-With header on the burn-on-read reveal endpoint

Mattermost versions 11.5.x = 11.5.1, 11.4.x = 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an authenticated channel member to force the reveal of a burn-on-read message without recipient consent via a crafted Markdown image tag.. Mattermost...

4.3CVSS5.8AI score0.00113EPSS
Exploits0References4Affected Software2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-0148

Malware in sbrugna...

6.8CVSS7.3AI score0.01407EPSS
Exploits1References20
NVD
NVD
added 2024/03/18 5:15 a.m.12 views

CVE-2021-47157

The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling...

9.8CVSS6.6AI score0.00413EPSS
Exploits0References2
OSV
OSV
added 2024/03/18 5:15 a.m.25 views

CVE-2021-47157

The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling...

9.8CVSS7AI score
Exploits0References2
Cvelist
Cvelist
added 2024/03/18 12:0 a.m.16 views

CVE-2021-47157

The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling...

6.9AI score0.00413EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/18 12:0 a.m.7 views

CVE-2021-47157

The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling...

7AI score0.00413EPSS
Exploits0References2
CVE
CVE
added 2024/03/18 12:0 a.m.57 views

CVE-2021-47157

The CVE-2021-47157 entry affects the Kossy Perl module before 0.60. The root cause is mishandling of the X-Requested-With header, enabling JSON hijacking and compromising confidentiality, integrity, and availability (CVSS v3.1: 9.8, critical; AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Affected softwar...

9.8CVSS6.8AI score0.00413EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/17 12:0 a.m.6 views

PT-2024-11205 · Kossy · Kossy

Name of the Vulnerable Software and Affected Versions: Kossy module versions prior to 0.60 Description: The issue allows JSON hijacking due to mishandling of the X-Requested-With header. This can be exploited because of improper handling in the Kossy module for Perl. Recommendations: For versions...

9.8CVSS7.2AI score0.00413EPSS
Exploits0References6
NVD
NVD
added 2022/10/19 1:15 p.m.45 views

CVE-2022-39267

Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With:...

8.8CVSS0.00727EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2021/08/19 12:0 a.m.334 views

Charity Management System CMS 1.0 - Multiple Vulnerabilities

Exploit Title: Charity Management System CMS 1.0 - Multiple Vulnerabilities Date: 18/08/2021 Exploit Author: Davide 't0rt3ll1n0' Taraschi Vendor Homepage: https://www.sourcecodester.com/users/tips23 Software Link:...

7.4AI score
Exploits0
Github Security Blog
Github Security Blog
added 2018/07/23 7:51 p.m.45 views

Cross-site request forgery in Django

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged AJAX requests that leverage a "combination of browser plugins...

6.8CVSS6.3AI score0.01589EPSS
Exploits0References24Affected Software1
0day.today
0day.today
added 2017/11/07 12:0 a.m.46 views

ManageEngine Applications Manager 13 - SQL Injection Vulnerability

Exploit for windows platform in category web applications ManageEngine Applications Manager version 13 suffers from multiple post-authentication SQL injection vulnerabilities. Proof of Concept 1 name= parameter is susceptible: POST /manageApplications.do?method=insert HTTP/1.1 Host:...

7.5CVSS9AI score0.05558EPSS
Exploits4
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.37 views

actionpack Cross-Site Request Forgery vulnerability

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged 1 AJAX or 2 API requests that...

6.8CVSS6.3AI score0.01407EPSS
Exploits1References13Affected Software1
RubySec
RubySec
added 2017/10/24 12:0 a.m.60 views

CSRF Protection Bypass in Ruby on Rails

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged 1 AJAX or 2 API requests that...

6.8CVSS6.3AI score0.01589EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2011/02/14 9:0 p.m.11 views

PYSEC-2011-30

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged AJAX requests that leverage a "combination of browser plugins...

6.8CVSS5.8AI score0.01589EPSS
Exploits1References18Affected Software1
OSV
OSV
added 2011/02/14 9:0 p.m.10 views

CVE-2011-0447

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged 1 AJAX or 2 API requests that...

6.6AI score
Exploits0References13
OSV
OSV
added 2011/02/14 9:0 p.m.11 views

PYSEC-2011-30

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged AJAX requests that leverage a "combination of browser plugins...

6.8CVSS5.8AI score0.01589EPSS
Exploits0References18
Prion
Prion
added 2011/02/14 9:0 p.m.35 views

Cross site request forgery (csrf)

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via forged 1 AJAX or 2 API requests that...

6.8CVSS6.8AI score0.01589EPSS
Exploits1References12Affected Software1
CVE
CVE
added 2011/02/14 8:0 p.m.113 views

CVE-2011-0447

CVE-2011-0447: Ruby on Rails 2.1.x–2.3.x before 2.3.11 and 3.x before 3.0.4 fail to properly validate an X-Requested-With header in HTTP requests, enabling remote attackers to perform CSRF via forged AJAX or API requests that leverage browser plugins and redirects. Affected versions include Rails...

6.8CVSS6.6AI score0.01407EPSS
Exploits1References12Affected Software1
Rows per page
Query Builder