Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2023-1033: huntr – Security Bounties for any GitHub repository

Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11.

CVE
#csrf#git
CVE-2021-34167: There are two CSRF vulnerabilities that can add administrator account and change administrator password · Issue #6 · taogogo/taocms

Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.

CVE-2022-1607

Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415.

GHSA-c57v-hc7m-8px2: Cross-site Scripting in Quarkus

If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.

CVE-2023-0044: Red Hat Customer Portal - Access to 24x7 support and knowledge

If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.

CVE-2023-20011: Cisco Security Advisory: Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.

Froxlor 2.0.6 Remote Command Execution

Froxlor versions 2.0.6 and below suffer from a bug that allows authenticated users to change the application logs path to any directory on the OS level which the user www-data can write without restrictions from the backend which leads to writing a malicious Twig template that the application will render. That leads to remote command execution under the user www-data.

Red Hat Security Advisory 2023-0777-01

Red Hat Security Advisory 2023-0777-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.56. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, deserialization, and improper authorization vulnerabilities.

CVE-2023-24415: WordPress ChatBot plugin <= 4.2.8 - Cross Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud ChatBot ? plugin <= 4.2.8 versions.