Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2019-13364: Issues · Piwigo/Piwigo

admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF.

CVE
#xss#csrf#git#php
CVE-2016-10945: PageLines Platform 1.1.4 CSRF vulnerability | Klikki

The PageLines theme 1.1.4 for WordPress has wp-admin/admin-post.php?page=pagelines CSRF.

CVE-2019-14998: [JRASERVER-69791] "Cookie Tossing" CSRF weakness against subdomains - CVE-2019-14998

The Webwork action Cross-Site Request Forgery (CSRF) protection implementation in Jira before version 8.4.0 allows remote attackers to bypass its protection via "cookie tossing" a CSRF cookie from a subdomain of a Jira instance.

CVE-2019-5069: TALOS-2019-0858 || Cisco Talos Intelligence Group

A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability.

CVE-2019-15838: Custom 404 Pro

The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789.

CVE-2019-10384: Jenkins Security Advisory 2019-08-28

Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user.

CVE-2019-10383: Jenkins Security Advisory 2019-08-28

A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages.

CVE-2019-13477: CentOS-Control-Web-Panel-CVE/CVE-2019-13477.md at master · i3umi3iei3ii/CentOS-Control-Web-Panel-CVE

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account.

CVE-2019-14246: CentOS-WebPanel.com Control Web Panel (CWP) 0.9.8.851 phpMyAdmin Password Change ≈ Packet Storm

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.