33 matches found

CVE
added 2025/11/26 10:18 p.m. | 451 views

CVE-2025-66035

CVE-2025-66035 affects Angular's HttpClient, allowing XSRF token leakage via protocol-relative URLs (//) that are treated as same-origin, causing the token to be sent in X-XSRF-TOKEN. Impact described as credential leakage through app logic, enabling unauthorized CSRF token disclosure to attack...

CVSS 7.7 | AI score 6.2 | EPSS 0.00572
Exploits 0 | References 9
Debian CVE
added 2025/11/26 10:18 p.m. | 7 views

CVE-2025-66035

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a Credential...

CVSS 7.7 | AI score 5.9 | EPSS 0.00572
Exploits 0
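The two CVE-2025-66035 entries above describe the mechanism only in outline: a protocol-relative URL such as //evil.test/x is classified as same-origin, so the XSRF token is attached and sent cross-origin. The following is an added example, not Angular's code, that contrasts a prefix-based "is this URL absolute?" test with resolving the URL against the page origin the way the browser does. PAGE_ORIGIN, XSRF_TOKEN, the sample URLs and every function name are assumptions made for this example.

```javascript
// Added example (not Angular's code): how a prefix-based "absolute URL" test
// misclassifies protocol-relative URLs, versus resolving the URL against the
// page origin. PAGE_ORIGIN, XSRF_TOKEN and all function names are assumptions
// made for this example.
const PAGE_ORIGIN = 'https://app.example.test';   // constructed page origin
const XSRF_TOKEN = 'constructed-xsrf-token-1234'; // constructed cookie value

// Naive classification: anything not starting with http:// or https:// is
// assumed to be a relative, same-origin URL. "//evil.test/x" and "\\evil.test/x"
// both slip through, yet the browser resolves them to https://evil.test.
function isCrossOriginNaive(url) {
  const lc = url.toLowerCase();
  return lc.startsWith('http://') || lc.startsWith('https://');
}

// Robust classification: resolve the request URL with the WHATWG URL parser
// against the page origin (exactly as the browser will) and compare origins.
function isCrossOriginResolved(url, pageOrigin = PAGE_ORIGIN) {
  return new URL(url, pageOrigin).origin !== new URL(pageOrigin).origin;
}

// Stand-in for an XSRF interceptor: add X-XSRF-TOKEN only to state-changing
// requests that the supplied classifier says are same-origin.
function buildHeaders(method, url, isCrossOrigin) {
  const headers = {};
  if (method === 'GET' || method === 'HEAD') return headers;
  if (!isCrossOrigin(url)) headers['X-XSRF-TOKEN'] = XSRF_TOKEN;
  return headers;
}

// Returns, per URL, where the browser would actually send the request and
// whether each classifier would attach the token on a POST.
function tokenLeakTable(urls) {
  return urls.map((url) => ({
    url,
    target: new URL(url, PAGE_ORIGIN).origin,
    naiveSendsToken: 'X-XSRF-TOKEN' in buildHeaders('POST', url, isCrossOriginNaive),
    resolvedSendsToken: 'X-XSRF-TOKEN' in buildHeaders('POST', url, isCrossOriginResolved),
  }));
}

// Constructed request URLs: same-origin paths beside cross-origin variants.
const SAMPLE_URLS = [
  '/api/profile',                         // relative path: same origin
  'https://app.example.test/api/profile', // absolute, same origin
  'https://evil.test/collect',            // absolute, cross origin
  '//evil.test/collect',                  // protocol-relative: cross origin
  '\\\\evil.test/collect',                // backslashes: browsers treat as //
];

for (const row of tokenLeakTable(SAMPLE_URLS)) console.log(row);
```

The table shows the naive classifier leaking the token for both the protocol-relative and the backslash form, while the resolved classifier sends it only to the page's own origin. The resolved variant also attaches the token to an absolute same-origin URL, which is a design choice of this example rather than a statement about Angular's behaviour.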
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2017-11802

Malware in sbrugna...

CVSS 6.5 | AI score 5.6 | EPSS 0.01387
Exploits 0 | References 4
EUVD
added 2025/10/03 8:07 p.m. | 7 views

EUVD-2023-57056

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00244
Exploits 0 | References 2
CNVD
added 2022/02/17 12:00 a.m. | 18 views

Atlassian Jira Server jira-importers-plugin cross-site request forgery vulnerability

Atlassian Jira Server is the server version of an IT service desk and request tracking system from Atlassian Australia. Atlassian Jira Server jira-importers-plugin is vulnerable to cross-site request forgery, which stems from the jira-importers-plugin's XSRF protection being misconfigured. An...

CVSS 6.5 | AI score 5.2 | EPSS 0.00606
Exploits 0 | References 1
Prion
added 2020/02/12 11:15 p.m. | 18 views

Cross site scripting

Insufficient Cross-Site Request Forgery (XSRF) protection on Expedition Migration Tool allows remote unauthenticated attackers to hijack the authentication of administrators and to perform actions on the Expedition Migration Tool. This issue affects Expedition Migration Tool 1.1.51 and earlier...

CVSS 6.8 | AI score 8.9 | EPSS 0.0051
Exploits 0 | References 2 | Affected Software 1
Prion
added 2018/07/27 6:29 p.m. | 21 views

Cross site scripting

A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection, causing the routes to be used. This attack would require additional...

CVSS 4 | AI score 6.2 | EPSS 0.01387
Exploits 0 | References 3 | Affected Software 2
Cvelist
added 2018/07/27 6:00 p.m. | 35 views

CVE-2017-2653

A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection, causing the routes to be used. This attack would require additional...

CVSS 4.1 | AI score 6.2 | EPSS 0.01387
Exploits 0 | References 3
RedHat Linux
added 2017/04/12 2:31 p.m. | 57 views

Moderate: Red Hat Security Advisory: cfme, cfme-appliance, and cfme-gemset security, bug fix, and enhancement update

An update for cfme, cfme-appliance, and cfme-gemset is now available for CloudForms Management Engine 5.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 6.5 | AI score 6.3 | EPSS 0.01387
Exploits 0 | References 139
RedhatCVE
added 2017/03/14 5:49 p.m. | 35 views

CVE-2017-2653

A number of unused delete routes are present in CloudForms which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection, causing the routes to be used. This attack would require additional cross-site scripting o...

CVSS 6.5 | AI score 3.6 | EPSS 0.01387
Exploits 0 | References 1
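The CloudForms / CVE-2017-2653 entries above all turn on the same point: forgery protection of the protect_from_forgery kind verifies the token only on non-safe methods, so a state-changing handler that is still reachable via GET never meets the check. The following is an added example, not CloudForms' or Rails' code, that models that pattern in a tiny router and includes the audit a practitioner would run to find such routes. SESSION_TOKEN, the routes, the request objects and every function name are assumptions made for this example.

```javascript
// Added example, not CloudForms' or Rails' code: a minimal router whose CSRF
// check, like protect_from_forgery, exempts "safe" methods. A state-changing
// handler left reachable via GET escapes the check, and an audit function
// lists such routes. SESSION_TOKEN and every name below are assumptions.
const SESSION_TOKEN = 'constructed-authenticity-token';

// CSRF check modelled on the forgery-protection pattern: safe methods are not
// verified at all; everything else must carry the session's token.
function csrfVerified(req) {
  if (req.method === 'GET' || req.method === 'HEAD') return true;
  return req.params !== undefined && req.params.authenticity_token === SESSION_TOKEN;
}

function createApp() {
  const items = new Set([1, 2, 3]); // constructed application state
  const destroy = (id) => items.delete(Number(id));
  // Each route declares whether its handler mutates state; the audit uses it.
  const routes = [
    { method: 'DELETE', pattern: /^\/items\/(\d+)$/, mutates: true, handler: destroy },
    { method: 'GET', pattern: /^\/items\/(\d+)$/, mutates: false, handler: (id) => items.has(Number(id)) },
    // Leftover route: the same destroy action bound to GET.
    { method: 'GET', pattern: /^\/items\/(\d+)\/delete$/, mutates: true, handler: destroy },
  ];

  function handle(req) {
    if (!csrfVerified(req)) return { status: 422, body: 'invalid authenticity token' };
    for (const route of routes) {
      if (route.method !== req.method) continue;
      const match = req.path.match(route.pattern);
      if (match) return { status: 200, body: route.handler(match[1]) };
    }
    return { status: 404, body: 'not found' };
  }

  // Audit: any route that mutates state but is reachable via a safe method
  // bypasses the CSRF check and should be removed or moved to POST/DELETE.
  function unprotectedMutatingRoutes() {
    return routes
      .filter((r) => r.mutates && (r.method === 'GET' || r.method === 'HEAD'))
      .map((r) => `${r.method} ${r.pattern.source}`);
  }

  return { handle, unprotectedMutatingRoutes, itemCount: () => items.size };
}

// Constructed scenario: a cross-site page cannot read the token, so its forged
// DELETE is rejected; the legitimate client with the token succeeds; and the
// forged GET (an <img src> on the attacker's page is enough) also succeeds.
function scenario() {
  const app = createApp();
  const forgedDelete = app.handle({ method: 'DELETE', path: '/items/1', params: {} });
  const legitDelete = app.handle({
    method: 'DELETE', path: '/items/1', params: { authenticity_token: SESSION_TOKEN },
  });
  const forgedGet = app.handle({ method: 'GET', path: '/items/2/delete' });
  return {
    forgedDelete: forgedDelete.status,
    legitDelete: legitDelete.status,
    forgedGet: forgedGet.status,
    remaining: app.itemCount(),
    audit: app.unprotectedMutatingRoutes(),
  };
}

console.log(scenario());
```

The audit relies on each route carrying an explicit mutates flag; in a real code base the equivalent is a review of the route table against the controller actions, which is exactly what the "unused delete routes" wording in the entries above points at.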
Tenable Nessus
added 2016/12/13 12:00 a.m. | 19 views

Fedora 24 : python-tornado (2016-a3618d9ef6)

Update to 4.4.2. Security fixes: A difference in cookie parsing between Tornado and web browsers, especially when combined with Google Analytics, could allow an attacker to set arbitrary cookies and bypass XSRF protection. The cookie parser has been rewritten to fix this attack...

AI score 5.5
Exploits 0 | References 1
OSV
added 2016/12/11 10:44 p.m. | 3 views

MGASA-2016-0418 Updated python-tornado package fixes security vulnerability

A difference in cookie parsing between Tornado and web browsers, especially when combined with Google Analytics, could allow an attacker to set arbitrary cookies and bypass XSRF protection. The cookie parser has been rewritten to fix this attack...

AI score 7.2
Exploits 0 | References 3
Mageia
added 2016/12/11 10:44 p.m. | 22 views

Updated python-tornado package fixes security vulnerability

A difference in cookie parsing between Tornado and web browsers, especially when combined with Google Analytics, could allow an attacker to set arbitrary cookies and bypass XSRF protection. The cookie parser has been rewritten to fix this attack...

AI score 5.8
Exploits 0 | References 2
securityvulns
added 2015/07/05 12:00 a.m. | 67 views

CollabNet Subversion Edge missing XSRF protection

Vuln Title: The CollabNet Subversion Edge Management Frontend does not implement XSRF protection tokens. Date: 28.06.2015. Author: otr. Software Link: https://www.open.collab.net/downloads/svnedge. Vendor: CollabNet. Version: 4.0.11. Tested on: Fedora Linux. Type: XSRF. Risk: Low. Status: public/fixed. Fix...

AI score 2.1
Exploits 0
Atlassian
added 2014/02/21 9:07 a.m. | 21 views

XSRF Protection Disables Basic URL Rest Authorization

According to this REST page: https://developer.atlassian.com/display/BAMBOODEV/Using+the+Bamboo+REST+APIs you should be able to log in to REST via a URL request by using the following scheme: "http://host:8085/rest/api/latest/plan?os_authType=basic&os_username=&os_password=" This worked fine for us...

AI score 0.5
Exploits 0 | Affected Software 1
Atlassian
added 2014/02/21 9:07 a.m. | 26 views

XSRF Protection Disables Basic URL Rest Authorization

According to this REST page: https://developer.atlassian.com/display/BAMBOODEV/Using+the+Bamboo+REST+APIs you should be able to log in to REST via a URL request by using the following scheme: "http://host:8085/rest/api/latest/plan?os_authType=basic&os_username=&os_password=" This worked fine for us...

AI score 0.5
Exploits 0
Atlassian
added 2013/12/23 2:57 p.m. | 23 views

Bamboo crashes when XSRF protection is enabled and proxy is wrongly configured

The new feature to enable XSRF protection (https://confluence.atlassian.com/display/BAMBOO/Configuring+XSRF+protection) introduced in Bamboo 5.3 causes a crash if the Tomcat proxy config is wrongly configured. Steps to reproduce: Configure Bamboo to use mod_proxy as detailed here:...

AI score 7.1
Exploits 0
Atlassian
added 2013/12/23 2:57 p.m. | 635 views

Bamboo crashes when XSRF protection is enabled and proxy is wrongly configured

The new feature to enable XSRF protection (https://confluence.atlassian.com/display/BAMBOO/Configuring+XSRF+protection) introduced in Bamboo 5.3 causes a crash if the Tomcat proxy config is wrongly configured. Steps to reproduce: Configure Bamboo to use mod_proxy as detailed here:...

AI score 7.1
Exploits 0 | Affected Software 1
Atlassian
added 2013/12/17 1:41 p.m. | 24 views

Enabling the XSRF in Bamboo causes the integration with JIRA 6.1.5 to break

Steps to reproduce: install JIRA 6.1.5; install Bamboo 5.3. Make sure "Enable XSRF protection" is enabled via Bamboo Admin > Security > Security Settings. Integrate JIRA with Bamboo using OAuth authentication OR Basic Access OR Trusted Application. In the JIRA UI, it shows that JIRA can't conne...

AI score 1.7
Exploits 0
Atlassian
added 2012/09/03 11:31 a.m. | 19 views

Turning off Anti-XSRF protection for comments has no effect

Turning off Anti-XSRF protection for comments does not have the desired effect. Even if the setting is turned off (verified that the setting is saved in the BANDANA table), adding comments is not possible, due to an XSRF warning. This is also covered in more detail in this KB:...

AI score 0.5
Exploits 0 | Affected Software 1