Lucene search

4072 matches found

Huntr • added 2021/08/24 8:52 p.m.

Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat

Description: CSRF bug to make a clone of a role. Proof of Concept: I see that everywhere the CSRF token is checked, but during cloning of a role it does not check the CSRF token. The URL below is vulnerable to a CSRF attack that makes a clone of a role...

AI score: 7 · Exploits: 0
Huntr • added 2021/08/24 8:48 p.m.

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description: Stored XSS via role name. Proof of Concept: 1. First go to https://demo.livehelperchat.com/siteadmin/permission/roles and create a role with the XSS payload xss"'' and save it. 2. Now try to edit this role using a URL like...

AI score: 1.5 · Exploits: 0
Huntr • added 2021/08/24 6:35 p.m.

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description: Stored XSS on smtp/Sender address. Proof of Concept: Steps to reproduce: 1. Go to system/smtp. 2. Add the payload: " on "Sender address" or "Default from e-mail address" or "Default from name"; all 3 params are vulnerable to XSS. 3. Save it and you can see that the XSS fires. PoC...

AI score: 7.1 · Exploits: 0 · References: 2
Huntr • added 2021/08/24 5:08 p.m.

Cross-site Scripting (XSS) - Stored in yourls/yourls

Description: Stored XSS. Proof of Concept: Please check this 1-minute video to reproduce the bug: https://drive.google.com/file/d/1MHQSKVczRNwDC8S6xKuedjMNcQw8YOz5/view?usp=sharing Impact: Stored XSS allows executing arbitrary JavaScript code...

CVSS: 3.5 · AI score: 0.8 · EPSS: 0.00697 · Exploits: 1
Huntr • added 2021/08/24 4:44 p.m.

in circuitverse/circuitverse

Description: No rate limit allows sending unlimited emails to any mail address. Proof of Concept: During forgot password there is no rate limit on sending the password-reset email, which allows sending unlimited emails to a mail address. The request below is vulnerable to the rate-limit bug: POST /users/password...

AI score: 7.3 · Exploits: 0
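The missing control in the report above is a throttle on the reset-mail sender. The following is an added example written for this page, not CircuitVerse code: a sliding-window limiter applied to a hypothetical POST /users/password handler (ResetRateLimiter, handleForgotPassword and the limits are assumptions of this example), keyed on both the client IP and the target address, with the same generic reply in every case so the throttle does not reveal which addresses are registered.

```javascript
// Added example, not CircuitVerse code: a sliding-window rate limiter for a
// password-reset sender. Names and limits below are assumptions.

class ResetRateLimiter {
  constructor(limit, windowMs) {
    this.limit = limit;        // max requests per key inside one window
    this.windowMs = windowMs;  // window length in milliseconds
    this.hits = new Map();     // key -> timestamps (ms) of recent requests
  }

  // Records the request and returns true if it is within the limit,
  // false if the key has already used its quota for the current window.
  allow(key, nowMs = Date.now()) {
    const cutoff = nowMs - this.windowMs;
    const recent = (this.hits.get(key) || []).filter((t) => t > cutoff);
    if (recent.length >= this.limit) {
      this.hits.set(key, recent);   // keep the pruned list; a refusal is not counted
      return false;
    }
    recent.push(nowMs);
    this.hits.set(key, recent);
    return true;
  }
}

// Two independent limits: per client IP against scripted abuse, and per
// recipient so one inbox cannot be flooded from many IPs.
const perIp = new ResetRateLimiter(10, 15 * 60 * 1000);     // 10 per 15 minutes
const perEmail = new ResetRateLimiter(3, 60 * 60 * 1000);   // 3 per hour

// Decision for a hypothetical POST /users/password handler. The reply is the
// same whether the mail is sent, the address is unknown, or a limit was hit,
// so the throttle does not become an account-enumeration oracle.
function handleForgotPassword(ip, email, nowMs = Date.now()) {
  const recipient = email.trim().toLowerCase();
  const ipOk = perIp.allow(`ip:${ip}`, nowMs);
  const emailOk = perEmail.allow(`email:${recipient}`, nowMs);
  return {
    sendMail: ipOk && emailOk,   // the caller sends the reset link only when true
    status: 200,
    body: 'If that address is registered, a reset link has been sent.',
  };
}
```

Both limiters are charged on every attempt, so an attacker who exhausts the per-recipient quota also delays a legitimate reset for that inbox until the window passes; the hour-long window is a trade-off between that and the mail flood the report describes.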
Huntr • added 2021/08/24 4:37 p.m.

Improper Privilege Management in circuitverse/circuitverse

Description: Subscribe to any private project. Proof of Concept: There are two different users called user-A and user-B. 1. User-A created a private project. 2. Now User-B sent the request below to subscribe to the above private project: PUT /commontator/threads/496401/subscribe HTTP/2 Host:...

AI score: 0.6 · Exploits: 0
Huntr • added 2021/08/24 4:26 p.m.

Improper Privilege Management in circuitverse/circuitverse

Description: Upvote any private comment. Proof of Concept: The request below is vulnerable to upvoting any comment of a private project: POST /commontator/comments/1312/upvote HTTP/2 Host: circuitverse.org Cookie: User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0) Gecko/20100101...

AI score: 0.5 · Exploits: 0
Huntr • added 2021/08/24 4:21 p.m.

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description: Here is a stored XSS in the user profile image uploader via an SVG file. Proof of Concept: Steps to reproduce: 1. Go to the account profile. 2. Click the "choose file" option to update the profile image. 3. Upload the SVG file containing malicious code: or you can download it from:...

AI score: 6 · Exploits: 0
Huntr • added 2021/08/24 4:05 p.m.

in circuitverse/circuitverse

Description: Privilege escalation bug to add a comment to any private project. Proof of Concept: The request below is vulnerable to the privilege escalation bug: POST /commontator/threads/496401/comments HTTP/2 Host: circuitverse.org Cookie: .. User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:90.0...

AI score: 1.1 · Exploits: 0
Huntr • added 2021/08/24 2:15 p.m.

Cross-Site Request Forgery (CSRF) in myvesta/vesta

Description: Attacker is able to rename any file on the server if a logged-in user visits the attacker's website. Proof of Concept: Create a test.txt file under /home/user. While logged in, open this POC.html in a browser; you can check that test.txt is renamed to test.php. //PoC.html history.pushState('', '', '/')...

AI score: 1.2 · Exploits: 0 · References: 1
Huntr • added 2021/08/24 2:11 p.m.

Cross-Site Request Forgery (CSRF) in myvesta/vesta

Description: Attacker is able to delete any file on the server if a logged-in user visits the attacker's website. Proof of Concept: Create a test.txt file under /home/user. While logged in, open this POC.html in a browser; you can check that test.txt is deleted. //PoC.html history.pushState('', '', '/')...

AI score: 1.1 · Exploits: 0 · References: 1
Huntr • added 2021/08/24 2:05 p.m.

Cross-Site Request Forgery (CSRF) in myvesta/vesta

Description: The download/web-log endpoint does not have CSRF protection. This could be used to force a download of the access log and potentially leak sensitive information. Proof of Concept: Log in to a user account. Create the following POC.html file and open the page in a browser. To verify that...

AI score: 0.5 · Exploits: 0 · References: 1
Huntr • added 2021/08/24 2:03 p.m.

Cross-Site Request Forgery (CSRF) in myvesta/vesta

Description: The download/web-log endpoint does not have CSRF protection. This could be used to force a download of the error log and potentially leak sensitive information. Proof of Concept: Log in to a user account. Create the following POC.html file and open the page in a browser. To verify that you...

AI score: 0.6 · Exploits: 0 · References: 1
Huntr • added 2021/08/24 2:00 p.m.

Cross-Site Request Forgery (CSRF) in myvesta/vesta

Description: Attacker is able to "delete" an element from favorites. This vulnerability occurs in some sections, for example on the "Firewall" tab list/firewall/. Proof of Concept: 1. While logged in, open this POC.html in a browser. 2. You can check that the first record is unintentionally deleted from...

AI score: 0.8 · Exploits: 0 · References: 1
Huntr • added 2021/08/24 1:56 p.m.

Cross-Site Request Forgery (CSRF) in myvesta/vesta

Description: Attacker is able to add an element to favorites. This vulnerability occurs in some sections, for example on the "Firewall" tab list/firewall/. Proof of Concept: 1. While logged in, open this POC.html in a browser. 2. You can check that the first record is unintentionally saved as a favorite...

AI score: 0.7 · Exploits: 0 · References: 1
Huntr • added 2021/08/24 1:52 p.m.

Cross-Site Request Forgery (CSRF) in myvesta/vesta

Description: In this application there is weak CSRF protection on the backup functionality. Therefore, according to the POC.html below, when a logged-in user visits the attacker's website an unintentional backup request is sent to the application. Proof of Concept: //PoC.html history.pushState('', '', '/')...

AI score: 1.3 · Exploits: 0 · References: 1
Huntr • added 2021/08/24 1:46 p.m.

Cross-Site Request Forgery (CSRF) in myvesta/vesta

Description: Attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept: 1. While logged in, open this POC.html in a browser. 2. You can check that you are unintentionally logged out. history.pushState('', '', '/'); document.forms[0].submit(); Impact: This vulnerability is...

AI score: 1.6 · Exploits: 0 · References: 1
Huntr • added 2021/08/24 2:33 a.m.

in livehelperchat/livehelperchat

Description: It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept: Impact: According to PortSwigger references, it is possible for a page controlled by an attacker...

AI score: 1.3 · Exploits: 0 · References: 1
Huntr • added 2021/08/23 7:25 p.m.

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

Description: Attacker is able to delete any number of Accounting Subaccounts with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your...

AI score: 1.7 · Exploits: 0
Huntr • added 2021/08/23 7:22 p.m.

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

Description: Attacker is able to change any role with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks it...

AI score: 1.7 · Exploits: 0
Huntr • added 2021/08/23 7:17 p.m.

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

Description: Attacker is able to delete any number of Agents with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSR...

AI score: 1.6 · Exploits: 0
Huntr • added 2021/08/23 7:12 p.m.

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

Description: Attacker is able to delete any number of Purchase invoices with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your...

AI score: 1.4 · Exploits: 0
Huntr • added 2021/08/23 7:07 p.m.

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

Description: Attacker is able to delete any number of Accounting Reports with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your...

AI score: 1.5 · Exploits: 0
Huntr • added 2021/08/23 7:01 p.m.

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

Description: Attacker is able to delete any number of customers with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In...

AI score: 1.5 · Exploits: 0
Huntr • added 2021/08/23 6:55 p.m.

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

Description: Attacker is able to delete any number of users with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF...

AI score: 1.5 · Exploits: 0
Huntr • added 2021/08/23 5:10 p.m.

in yourls/yourls

Description: It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept: Impact: According to PortSwigger references, it is possible for a page controlled by an attacker...

CVSS: 6.8 · AI score: 1.3 · EPSS: 0.00405 · Exploits: 1 · References: 1
Huntr • added 2021/08/23 3:56 p.m.

in getgrav/grav-plugin-admin

Description: It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept: Impact: According to PortSwigger references, it is possible for a page controlled by an attacker...

CVSS: 5.8 · AI score: 1.3 · EPSS: 0.01547 · Exploits: 1 · References: 1
Huntr • added 2021/08/23 11:38 a.m.

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will...

AI score: 5.2 · Exploits: 0 · References: 2
Huntr • added 2021/08/23 11:36 a.m.

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will...

AI score: 5.2 · Exploits: 0 · References: 2
Huntr • added 2021/08/23 11:35 a.m.

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will...

AI score: 5.2 · Exploits: 0 · References: 2
Huntr • added 2021/08/23 11:33 a.m.

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will...

AI score: 5.2 · Exploits: 0 · References: 2
Huntr • added 2021/08/23 11:31 a.m.

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will...

AI score: 5.4 · Exploits: 0 · References: 2
Huntr • added 2021/08/23 11:29 a.m.

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will...

AI score: 5.2 · Exploits: 0 · References: 2
Huntr • added 2021/08/23 11:27 a.m.

Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will...

AI score: 5.2 · Exploits: 0 · References: 2
Huntr • added 2021/08/23 11:15 a.m.

Cross-site Scripting (XSS) - Stored in namelessmc/nameless

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will...

AI score: 5.4 · Exploits: 0 · References: 2
Huntr • added 2021/08/23 11:12 a.m.

Code Injection in namelessmc/nameless

Description: Code Injection is the general term for attack types which consist of injecting code that is then interpreted/executed by the application. This type of attack exploits poor handling of untrusted data. These types of attacks are usually made possible due to a lack of proper...

AI score: 1.3 · Exploits: 0 · References: 2
Huntr • added 2021/08/23 8:37 a.m.

Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin

Description: The Import functionality in the application is vulnerable to CSRF attacks. Proof of Concept: history.pushState('', '', '/') Impact: This vulnerability can let an attacker import data into the database without the knowledge/interaction of the user...

AI score: 3 · Exploits: 0 · References: 1
Huntr • added 2021/08/23 8:33 a.m.

Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin

Description: The delete key functionality in the application is vulnerable to CSRF attack. Proof of Concept: history.pushState('', '', '/') Impact: This vulnerability can let an attacker delete data from the database without the knowledge/interaction of the user...

AI score: 2.4 · Exploits: 0 · References: 1
Huntr • added 2021/08/23 8:28 a.m.

Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin

Description: The Add Key functionality in the application is vulnerable to CSRF attack. Proof of Concept: history.pushState('', '', '/') Impact: This vulnerability can let an attacker add data to the database without the knowledge/interaction of the user. Location: index.php#L1 References...

AI score: 2.8 · Exploits: 0 · References: 1
Huntr • added 2021/08/23 8:16 a.m.

in erikdubbelboer/phpredisadmin

Description: It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept: Impact: According to PortSwigger references, it is possible for a page controlled by an attacker...

AI score: 1.3 · Exploits: 0 · References: 1
Huntr • added 2021/08/23 8:10 a.m.

Cross-site Scripting (XSS) - Reflected in erikdubbelboer/phpredisadmin

Description: The application is vulnerable to an XFS attack. Proof of Concept: Navigate to https://domain.tld/phpRedisAdmin/?https://www.eia.gov/state/maps The page https://www.eia.gov/state/maps.php will be loaded in an iframe on the page. Impact: Cross-Frame Scripting (XFS) is an attack that...

AI score: 0.8 · Exploits: 0 · References: 1
Huntr • added 2021/08/22 9:02 p.m.

Cross-site Scripting (XSS) - Stored in janeczku/calibre-web

BUG: Stored XSS via book description. STEPS TO REPRODUCE: Let there be two users, Admin and user-B; user-B has edit permission on books. 1. Now go to the user-B account, visit http://localhost:8083/admin/book/12 and edit the metadata. During the edit, put the XSS payload below in the book Description field...

AI score: 0.7 · Exploits: 0
Huntr • added 2021/08/21 4:45 p.m.

SQL Injection in slackero/phpwcms

Description: Data enters a program from an untrusted source. Proof of Concept: if($result = mysqli_query($db, 'SELECT * FROM '.($phpwcms["db_prepend"] ? $phpwcms["db_prepend"].'_' : '').'phpwcms_user'... Impact: A successful attack may result in the unauthorized viewing of user lists, the deletion of entire...

AI score: 1.5 · Exploits: 0
Huntr • added 2021/08/21 4:39 p.m.

Cross-site Scripting (XSS) - Reflected in slackero/phpwcms

Description: Reflected XSS. Proof of Concept: echo 'HTTP-REFERER: '.(empty($ref) ? 'unknown' : $ref); Impact: XSS bug...

AI score: 2.1 · Exploits: 0
Huntr • added 2021/08/21 10:39 a.m.

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in slackero/phpwcms

Description: The Secure flag is not set for the PHPSESSID session cookie in the application. Proof of Concept: Impact: If the Secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from...

AI score: 0.3 · Exploits: 0 · References: 1
Huntr • added 2021/08/21 10:15 a.m.

Sensitive Cookie Without 'HttpOnly' Flag in slackero/phpwcms

Description: The HttpOnly attribute is not set for session cookies in the application. Proof of Concept: Impact: When a cookie doesn't have an HttpOnly flag, it can be accessed through JavaScript, which means that an XSS could lead to cookies being stolen. These include session cookies that can...

AI score: 0.6 · Exploits: 0 · References: 1
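Several reports on this page (Live Helper Chat, YOURLS, Grav admin, phpRedisAdmin) are the same missing-frame-restriction finding, and the two phpwcms reports above are the same PHPSESSID cookie missing Secure and HttpOnly. As an added example, not code from any of those projects, the block below audits one response for both classes at once: the header sets are constructed, and auditResponse, framingRestricted and the session-cookie name heuristic are assumptions of this example rather than anything the reports specify.

```javascript
// Added example, not code from any project listed above. Audits response
// headers for missing frame restrictions and weak session-cookie attributes.
// Header names are expected lower-cased; 'set-cookie' is an array.

// Parse one Set-Cookie header value into the cookie name and an attribute map
// (attribute names lower-cased; flag attributes map to true).
function parseSetCookie(value) {
  const parts = value.split(';').map((p) => p.trim());
  const eq = parts[0].indexOf('=');
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const attrs = Object.create(null);
  for (const p of parts.slice(1)) {
    const i = p.indexOf('=');
    const k = (i === -1 ? p : p.slice(0, i)).toLowerCase();
    attrs[k] = i === -1 ? true : p.slice(i + 1);
  }
  return { name, attrs };
}

// Heuristic: cookie names that usually carry a session identifier.
const SESSION_NAME_RE = /(sess|sid|auth|token|login)/i;

// True if framing by other origins is forbidden, either by X-Frame-Options
// DENY/SAMEORIGIN or by a CSP frame-ancestors directive that is not '*'.
function framingRestricted(headers) {
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') return true;
  const csp = headers['content-security-policy'] || '';
  const m = /(?:^|;)\s*frame-ancestors\s+([^;]+)/i.exec(csp);
  if (!m) return false;
  const sources = m[1].trim().split(/\s+/).map((s) => s.replace(/^'|'$/g, '').toLowerCase());
  return !sources.includes('*');
}

// Returns a list of findings; an empty list means both checks passed.
// isHttps: whether the site is served over TLS (Secure is only expected then).
function auditResponse(headers, isHttps = true) {
  const findings = [];
  if (!framingRestricted(headers)) {
    findings.push('clickjacking: no X-Frame-Options DENY/SAMEORIGIN and no restrictive CSP frame-ancestors');
  }
  for (const raw of headers['set-cookie'] || []) {
    const { name, attrs } = parseSetCookie(raw);
    if (!SESSION_NAME_RE.test(name)) continue;   // only session-like cookies
    if (isHttps && !('secure' in attrs)) findings.push(`cookie ${name}: missing Secure`);
    if (!('httponly' in attrs)) findings.push(`cookie ${name}: missing HttpOnly`);
    const ss = String(attrs['samesite'] || '').toLowerCase();
    if (ss !== 'lax' && ss !== 'strict') findings.push(`cookie ${name}: SameSite not Lax/Strict`);
  }
  return findings;
}

// Constructed sample responses: one matching the reports, one hardened.
const WEAK_RESPONSE = {
  'content-type': 'text/html; charset=UTF-8',
  'set-cookie': ['PHPSESSID=3f0c9c1a5e; path=/'],
};
const HARDENED_RESPONSE = {
  'content-type': 'text/html; charset=UTF-8',
  'x-frame-options': 'DENY',
  'content-security-policy': "default-src 'self'; frame-ancestors 'none'",
  'set-cookie': ['PHPSESSID=3f0c9c1a5e; path=/; Secure; HttpOnly; SameSite=Lax'],
};
```

Browsers that understand CSP give frame-ancestors precedence over X-Frame-Options, so the hardened response sets both; the SameSite check is included because the same reports' CSRF findings are partly mitigated by it, though it is not a substitute for a token.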
Huntr • added 2021/08/20 4:23 p.m.

Cross-Site Request Forgery (CSRF) in admidio/admidio

Description: Attacker is able to delete any Link with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF attacks it...

AI score: 1.2 · Exploits: 0
Huntr • added 2021/08/20 3:26 p.m.

in cortezaproject/corteza-server

Description: Hi team, I found an Unrestricted File Upload on https://latest.cortezaproject.org/ which let me upload anything. File extensions such as .html, .svg and others should not be executed on the server side. Proof of Concept: Steps to reproduce: 1. Go to the Employees tab and choose an...

AI score: 5.9 · Exploits: 0
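The Live Helper Chat profile-image report and the Corteza upload report above are the same issue: a user-supplied SVG or HTML file served back from the application's origin, where the browser renders it as a document and any script inside runs with the victim's session. As an added example (not Corteza or Live Helper Chat code; the SVG samples are constructed and reviewUpload, svgActiveContent and inertDownloadHeaders are hypothetical names), the block below screens an uploaded SVG for active content and builds the headers that serve any stored upload inertly, which is the control that holds even when screening misses something.

```javascript
// Added example, not Corteza or Live Helper Chat code. Screens an uploaded
// SVG for active content and builds headers that serve stored uploads
// inertly. Function names and the sample SVGs are constructed for this example.

const ACTIVE_SVG_PATTERNS = [
  { name: 'script element', re: /<\s*script\b/i },
  { name: 'event handler attribute', re: /\son[a-z]+\s*=/i },
  { name: 'javascript: URL', re: /href\s*=\s*["']?\s*javascript:/i },
  { name: 'foreignObject (embeds HTML)', re: /<\s*foreignObject\b/i },
  { name: 'stylesheet', re: /<\s*style\b|<\?xml-stylesheet/i },
  { name: 'frame or plugin element', re: /<\s*(?:iframe|object|embed)\b/i },
];

// Names of the patterns that match; an empty array means nothing was found.
// A tripwire only: an SVG that passes is still never served inline below.
function svgActiveContent(svgText) {
  return ACTIVE_SVG_PATTERNS.filter((p) => p.re.test(svgText)).map((p) => p.name);
}

// Raster types that browsers render as an image, never as a document.
const INLINE_IMAGE_TYPES = new Set(['image/png', 'image/jpeg', 'image/gif', 'image/webp']);

// Policy for a profile-image style upload: reject browser-executable
// documents, reject SVG with active content, and mark anything that is not a
// plain raster image to be served as a download rather than inline.
function reviewUpload(filename, declaredType, body) {
  const ext = (filename.toLowerCase().match(/\.([a-z0-9]+)$/) || ['', ''])[1];
  const type = declaredType.toLowerCase();
  if (ext === 'svg' || type === 'image/svg+xml') {
    const hits = svgActiveContent(body);
    if (hits.length) return { accept: false, reason: 'active SVG content: ' + hits.join(', ') };
    return { accept: true, serveInline: false };
  }
  if (['html', 'htm', 'xhtml', 'xml', 'xsl', 'js', 'svgz'].includes(ext) || /html|xml|javascript/.test(type)) {
    return { accept: false, reason: 'browser-executable type' };
  }
  if (INLINE_IMAGE_TYPES.has(type)) return { accept: true, serveInline: true };
  return { accept: true, serveInline: false };
}

// Headers for serving a stored upload as an opaque download: no inline
// rendering, no content sniffing, and no script even if something renders it.
function inertDownloadHeaders(storedName, contentType) {
  const safeName = storedName.replace(/["\\\r\n]/g, '_');
  return {
    'Content-Type': contentType || 'application/octet-stream',
    'Content-Disposition': `attachment; filename="${safeName}"`,
    'X-Content-Type-Options': 'nosniff',
    'Content-Security-Policy': "default-src 'none'; sandbox",
  };
}
```

Serving uploads from a separate origin (a dedicated files domain) in addition to these headers removes the remaining risk that a rendered upload shares the application's cookies and DOM at all.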
Huntr • added 2021/08/20 2:42 p.m.

Cross-site Scripting (XSS) - Stored in cortezaproject/corteza-webapp-workflow

Description: Stored Cross-Site Scripting (XSS) is the type of XSS where a user injects malicious JavaScript code into the web application and it is later rendered in the victim's browser. Proof of Concept: 1. Sign in to the application as admin. 2. Go to workflows. 3. Edit a workflow and set the...

AI score: 1 · Exploits: 0
Huntr • added 2021/08/20 7:14 a.m.

Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii

Description: Attacker is able to set the default currency with a CSRF attack. It does not matter at all whether your application runs on localhost or elsewhere; it is enough that it runs in a browser and another low-privilege user or attacker knows the IP address or hostname of your application. In CSRF...

CVSS: 4.3 · AI score: 1.4 · EPSS: 0.00405 · Exploits: 0
Total number of security vulnerabilities: 4072