Tag: #csrf

CVE-2020-20944: some vulnerabilities in qibosoft (Qibo CMS full-site system v7), tnt A-Xin's blog, CSDN blog

An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files.

CVE-2020-20946: some vulnerabilities in qibosoft (Qibo CMS full-site system v7), a security researcher's blog, CSDN blog

Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add.

CVE-2021-24988

The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard. Because the wprss_dismiss_addon_notice AJAX action lacks authorisation and CSRF checks, any authenticated user, such as a subscriber, can call it and set a malicious payload in the addon parameter, which could lead to a Stored XSS issue.

CVE-2021-24969

The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as the admin dashboard and the frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any authenticated user, such as a subscriber, is able to call it and perform Cross-Site Scripting attacks.

CVE-2021-4168

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

CVE-2021-4162: Cross-Site Request Forgery (CSRF) in archivy

archivy is vulnerable to Cross-Site Request Forgery (CSRF)

CVE-2020-20593: Xinhu OA online demo, Xinhu

A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account.

CVE-2020-20595: There is one CSRF vulnerability that can add an account · Issue #25 · lock-upme/OPMS

A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add.

CVE-2020-20598: CSRF + XSS combination can obtain the user cookie · Issue #199 · xuhuisheng/lemon

A cross-site scripting (XSS) vulnerability in the Editing component of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML.