Headline
CVE-2022-23888: YzmCMS V6.3 official release has a CSRF vulnerability in the front end · Issue #60 · yzmcms/yzmcms
YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /yzmcms/comment/index/init.html.
Prepare two accounts, test01 and test02, and enable user contributions in the backend settings.
Generate the CSRF PoC with test01: first log in as test01, comment on an article, and capture the request.
Log in as test02 in another browser and open the generated PoC web page.
The CSRF is triggered and a comment is posted successfully as test02.
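The reproduction above works because the comment endpoint accepts any POST that carries the victim's session cookie, and the browser attaches that cookie to a form submitted from any site. The following is an added example, not YzmCMS code: a constructed in-memory comment handler shown in the flawed form beside a hardened form that requires a per-session CSRF token and a same-origin Origin/Referer header. All names (Request, Session, SITE_ORIGIN, the handler functions) are assumptions made for the illustration; only the route in the issue title is from the page.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed stand-ins for an HTTP request and a server-side session (assumed model).
@dataclass
class Request:
    method: str
    headers: dict
    form: dict
    cookies: dict

@dataclass
class Session:
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))

SESSIONS = {}                      # constructed session store keyed by cookie value
COMMENTS = []                      # constructed comment storage
SITE_ORIGIN = "https://cms.example"  # assumed origin the CMS is served from

def login(user):
    """Create a session and return the cookie value the browser would store."""
    cookie = secrets.token_hex(16)
    SESSIONS[cookie] = Session(user=user)
    return cookie

def session_for(request):
    return SESSIONS.get(request.cookies.get("sid"))

def same_origin(url):
    """True only when scheme and host:port match the site's own origin exactly."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN

def vulnerable_comment_handler(request):
    """Flaw class from the issue: a valid session cookie is the only check."""
    sess = session_for(request)
    if request.method != "POST" or sess is None:
        return 403, "forbidden"
    COMMENTS.append((sess.user, request.form.get("content", "")))
    return 200, "ok"

def hardened_comment_handler(request):
    """Reject cross-origin submissions and require the session's CSRF token."""
    sess = session_for(request)
    if request.method != "POST" or sess is None:
        return 403, "forbidden"
    origin = request.headers.get("Origin") or request.headers.get("Referer", "")
    if not same_origin(origin):
        return 403, "cross-origin request rejected"
    token = request.form.get("csrf_token", "")
    # constant-time compare so token validity is not leaked through timing
    if not hmac.compare_digest(token.encode(), sess.csrf_token.encode()):
        return 403, "missing or invalid csrf token"
    COMMENTS.append((sess.user, request.form.get("content", "")))
    return 200, "ok"

def own_form_request(cookie, content):
    """What the site's own comment form submits: same origin, token embedded in the form."""
    return Request("POST", {"Origin": SITE_ORIGIN},
                   {"content": content, "csrf_token": SESSIONS[cookie].csrf_token},
                   {"sid": cookie})

def cross_site_request(cookie, content):
    """What the victim's browser sends when a third-party page submits the form:
    the session cookie is attached automatically, but the token is unknown and
    the Origin header names the other site."""
    return Request("POST", {"Origin": "https://other.example"},
                   {"content": content}, {"sid": cookie})

def demo():
    """Run both handlers against a cross-site and a genuine submission for user test02."""
    COMMENTS.clear()
    victim = login("test02")
    forged = cross_site_request(victim, "forged")
    legit = own_form_request(victim, "genuine")
    return {
        "vulnerable_accepts_forged": vulnerable_comment_handler(forged)[0],
        "hardened_rejects_forged": hardened_comment_handler(forged)[0],
        "hardened_accepts_legit": hardened_comment_handler(legit)[0],
        "comments": list(COMMENTS),
    }

if __name__ == "__main__":
    print(demo())
```

The token check is the primary control; the Origin/Referer check is defence in depth, since some clients omit Referer and a missing header must then fail closed. Marking the session cookie SameSite=Lax (not modelled here) additionally stops the browser from attaching it to cross-site POSTs in the first place.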