Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2021-3944: Prevented auto-login from direct email confirmation actions · BookStackApp/BookStack@88e6f93

bookstack is vulnerable to Cross-Site Request Forgery (CSRF)

CVE
#csrf
RHSA-2021:4913: Red Hat Security Advisory: mailman security update

An update for mailman is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2016-6893: mailman: CSRF protection missing in the user options page * CVE-2021-42097: mailman: CSRF token bypass allows to perform CSRF attacks and account takeover * CVE-2021-44227: mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover

RHSA-2021:4915: Red Hat Security Advisory: mailman:2.1 security update

An update for the mailman:2.1 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44227: mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover

RHSA-2021:4916: Red Hat Security Advisory: mailman:2.1 security update

An update for the mailman:2.1 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44227: mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover

CVE-2021-44227: Bug #1952384 “A CSRF vulnerability could allow a list moderator ...” : Bugs : GNU Mailman

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.

CVE-2021-44227: Bug #1952384 “A CSRF vulnerability could allow a list moderator ...” : Bugs : GNU Mailman

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.

CVE-2021-43137: Offensive Security’s Exploit Database Archive

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.

CVE-2021-43137: Offensive Security’s Exploit Database Archive

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.

CVE-2021-4015: Fix CSRF issues · firefly-iii/firefly-iii@518b4ba

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)

CVE-2021-4017: Cross-Site Request Forgery (CSRF) in showdoc

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)