csrf - Page 233 - Security Headlines - AI Powered Cyber Security News Aggregator

GHSA-jp3m-p26h-mm7v: Apache JSPWiki CSRF due to crafted invocation on the Image plugin

A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.

2 years ago

ghsa

Open in Source

#csrf #vulnerability #apache #js #git

GHSA-9x9j-vrhj-v364: Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp

A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.

2 years ago

ghsa

Open in Source

#csrf #vulnerability #apache #js #git

ParseThru: HTTP parameter smuggling flaw uncovered in several Go applications

Harbor, Traefik, and Skipper projects tackle unsafe URL parsing methods

2 years ago

PortSwigger

Open in Source

#xss #csrf #vulnerability #auth

CVE-2022-34158: JSPWiki: CVE-2022-34158Cve=title

A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.

2 years ago

CVE

Open in Source

#csrf #vulnerability #apache #js

CVE-2022-36359: Archive of security issues | Django documentation

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.

2 years ago

CVE

Open in Source

#csrf #ssrf

Jenkins security: Unpatched XSS, CSRF bugs included in latest plugin advisory

‘We believe that announcing vulnerabilities without a fix is the best solution for a difficult problem’

2 years ago

PortSwigger

Open in Source

#xss #csrf #vulnerability #web #java #zero_day #maven

CVE-2022-34937: CSRF can lead to RCE if admin is targeted · Issue #51 · u5cms/u5cms

Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code.

2 years ago

CVE

Open in Source

#csrf #vulnerability #web #php #rce

CVE-2022-36968: Progress Customer Community

In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks.

2 years ago

CVE

Open in Source

#csrf

CVE-2022-34613: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (4.8)

Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file.

2 years ago

CVE

Open in Source

#sql #xss #csrf #vulnerability #web #mac #microsoft #apache #redis #js #git #java #php #perl #auth #firefox #sap #asp.net

CVE-2022-35118: AARO-Bugs/AARO-CVE-List.md at master · Accenture/AARO-Bugs

PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.

Tag

#csrf