Tag
#csrf
Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. Phpsysinfo 3.4.3 disables the functionality by default but the users may enable the vulnerable functionality.
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: EFACEC Equipment: BCU 500 Vulnerabilities: Uncontrolled Resource Consumption, Cross-site Request Forgery 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition on the affected product or compromise the web application through a cross-site request forgery (CSRF) vulnerability. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of EFACEC BCU 500, an automation and control IED, is affected: BCU 500: version 4.07 3.2 Vulnerability Overview 3.2.1 UNCONTROLLED RESOURCE CONSUMPTION CWE-400 Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device. CVE-2023-50707 has been assigned to this vulnerability. A CVSS v3 base score of 9.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H). 3.2....
### Impact _What kind of vulnerability is it? Who is impacted?_ Original Report: > The Oauth2 PKCE implementation is vulnerable in 2 ways: > 1. The `authCodeVerifier` should be removed after usage (similar to 'authState') > 2. There is a risk for a "downgrade attack" if PKCE is being relied on for CSRF protection. ### Patches _Has the problem been patched? What versions should users upgrade to?_ 2.2.15 ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ not known yet. ### References _Are there any links users can visit to find out more?_
Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite.This issue affects Product Catalog Feed by PixelYourSite: from n/a through 2.1.1.
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX – Currency Switcher Professional for WooCommerce.This issue affects FOX – Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4.
Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solutions Fix My Feed RSS Repair.This issue affects Fix My Feed RSS Repair: from n/a through 1.4.
Cross-Site Request Forgery (CSRF) vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.4.
Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer.This issue affects CSV Importer: from n/a through 0.3.8.
Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome.This issue affects Block for Font Awesome: from n/a through 1.4.0.
Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp Sitemap.This issue affects Simple Wp Sitemap: from n/a through 1.2.1.