Security Headlines

Tag: #csrf

WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization

On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference, cross site request forgery as well as cross site scripting in versions up to, and including, 2.0.2.

Packet Storm
CVE-2023-0642: Antiforgery for profile pages. · Squidex/squidex@2da3c41

Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0.

Discrepancies Discovered in Vulnerability Severity Ratings

Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says.

GHSA-p4xx-w6fr-c4w9: Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2

Clockwork Web before 0.1.2, when used with Rails before 5.2, allows Cross-Site Request Forgery (CSRF). A CSRF attack works by getting an authorized user to visit a malicious website, which then performs requests on behalf of that user. In this instance, the affected actions include enabling and disabling jobs. All users running an affected release on Rails < 5.2 should upgrade immediately.

CVE-2023-23750: Joomla! Developer Network

An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.

CVE-2023-23074: BugBounty

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component.

CVE-2023-23073: BugBounty

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component.

CVE-2023-23077: BugBounty

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment.

CVE-2023-23078: BugBounty

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets.