Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2020-2292: Jenkins Security Advisory 2020-10-08

Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Release/Release permission.

CVE
#xss#csrf#vulnerability#web#java#perl#ssrf#auth#maven
CVE-2020-25270: PHP Project, PHP Projects Ideas, PHP Latest tutorials, PHP oops Concept

PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.

CVE-2020-15181: Merge remote-tracking branch 'remotes/origin/candidate' into release · FlexSolution/AlfrescoResetPassword@5927b96

The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0

CVE-2020-15776: Gradle Enterprise - Security Advisories

An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the ability to execute arbitrary code in a user's browser could impose an arbitrary value for this token, allowing them to perform cross-site request forgery.

CVE-2020-15771: Gradle Enterprise - Security Advisories

An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie containing CSRF token allows remote attacker to bypass CSRF mitigation.

CVE-2020-15767: Gradle Enterprise - Security Advisories

An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the “secure” attribute, which allows an attacker with the ability to MITM plain HTTP requests to obtain it, if the user mistakenly uses a HTTP instead of HTTPS address to access the server. This cookie value could then be used to perform CSRF.

CVE-2020-24373: L'actualité de la Freebox » Blog Archive

A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.

CVE-2020-25015: Genexis Platinum 4410 Router - Broken Access Control, CSRF

A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password.