#csrf

Acronis Cyber Infrastructure version 5.0.1-61 suffers from a cross site request forgery vulnerability.

### Summary The endpoint `/site-structure/localizer/save-string/:lang/:defstring` accepts two parameter values: `lang` and `defstring`. These values are used in an unsafe way to set the keys and value of the `cfgStrings` object. It allows to add/modify properties of the `Object prototype` that result in several logic issues, including: - RCE vulnerabilities by polluting the `tempRootFolder` property - SQL injection vulnerabilities by polluting the `schema` property when using `PostgreSQL` database. ### Details - file: https://github.com/saltcorn/saltcorn/blob/v1.0.0-beta.13/packages/server/routes/infoarch.js#L236-L239 ```js router.post( "/localizer/save-string/:lang/:defstring", isAdmin, error_catcher(async (req, res) => { const { lang, defstring } = req.params; // source const cfgStrings = getState().getConfigCopy("localizer_strings"); if (cfgStrings[lang]) cfgStrings[lang][defstring] = text(req.body.value); // [1] sink else cfgStrings[lang] = { [defstring]...

dizqueTV version 1.5.3 suffers from a remote code execution vulnerability.

ViciDial version 2.0.5 suffers from a cross site request forgery vulnerability.

Vehicle Service Management System version 1.0 suffers from a cross site request forgery vulnerability.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: TEM Equipment: Opera Plus FM Family Transmitter Vulnerabilities: Missing Authentication for Critical Function, Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of TEM Opera Plus FM Family Transmitter, a FM Transmitter, are affected: Opera Plus FM Family Transmitter: Version 35.45 3.2 Vulnerability Overview 3.2.1 Missing Authentication for Critical Function CWE-306 TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS File System binary image upload without authentication. This file system serves as the basis for the HTTP2 web server module but is also used by the SNMP module and is available to other applications that require basic read-on...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Server-Side Request Forgery (SSRF), Inefficient Regular Expression Complexity, Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker bypassing a proxy, creating a denial-of-service condition, or viewing sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of PowerSYSTEM Center are affected: PowerSYSTEM Center: PSC 2020 v5.21.x and prior 3.2 Vulnerability Overview 3.2.1 SERVER-SIDE REQUEST FORGERY (SSRF) CWE-918 Vulnerable versions of PowerSYSTEM Center utilize Axios NPM package 0.21.0, which contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address. CVE-2020-28168 has been assi...

Printing Business Records Management System version 1.0 suffers from a cross site request forgery vulnerability.

Online Eyewear Shop version 1.0 suffers from a cross site request forgery vulnerability.

### Summary A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section (which contains multiple fields depending on which transport is selected at that moment). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. ### Details The vulnerability occurs when creating an alert transport. The application does not properly sanitize the user input in the "Details" field, allowing an attacker to inject and store arbitrary JavaScript. This script is then executed in the context of the page whenever the alert transport is viewed or processed. For instance, the following payload can be used to trigger the XSS: ```test1<script>{onerror=alert}throw 1337</script>``` When the page containing the transport details is loaded, this payload causes the browser to exec...