Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

WordPress WP Sticky Social 1.0.1 CSRF / Cross Site Scripting

WordPress WP Sticky Social plugin version 1.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

Packet Storm
Open in Source
#xss#csrf#vulnerability#web#windows#apple#linux#wordpress#php#auth#chrome#webkit
SPIP 4.2.1 Remote Code Execution

SPIP versions 4.2.1 and below suffer from an unauthenticated remote code execution vulnerability.

CVE-2022-3372: Cross Site Request Forgery Csrf Riello Ups Netman 204 | INCIBE-CERT

There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CRSF token. This vulnerability could allow a remote attacker to access the administrator panel, being able to modify different parameters that are critical for industrial operations.

CVE-2023-2533: PaperCut MF/NG 22.0.10 (Build 65996 2023-03-27) - Remote code execution via CSRF | Advisories | Fluid Attacks

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.

CVE-2023-2533: PaperCut: Print management software

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.

CVE-2020-20502: Denial of service attack caused by CSRF(CSRF造成的拒绝服务攻击) · Issue #27 · yzmcms/yzmcms

Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function.

CVE-2020-21366: There is a CSRF vulnerability that can add the administrator account · Issue #115 · GreenCMS/GreenCMS

Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php.

CVE-2020-21252: User deletion caused by CSRF · Issue #13 · Neeke/HongCMS

Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter.

CVE-2020-20070: [security vulnerability] Reflective XSS when view the survey result · Issue #48 · wkeyuan/DWSurvey

Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file.

CVE-2020-20726: There is a CSRF vulnerability that can add an administrator account · Issue #51 · GilaCMS/gila

Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter.