Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2022-47130: What is CSRF (Cross-site request forgery)? Tutorial & Examples | Web Security Academy

A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page.

CVE
#xss#csrf#vulnerability#web#perl#auth#chrome
CVE-2022-47131: Academy LMS < 5.10 CSRF + XSS Stored

A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.

CVE-2023-23635: Security Advisory usd- 2022-0031 | usd HeroLab

In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim.

CVE-2022-40692: WordPress Sunshine Photo Cart plugin <= 2.9.13 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions.

CVE-2022-44585: WordPress Homepage PopUp plugin <= 1.2.5 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions.

CVE-2022-46815: WordPress Conditional Shipping for WooCommerce plugin <= 2.3.1 - Cross Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions.