Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2022-44387: EyouCMS v1.5.9 has a vulnerability, Cross-site request forgery(CSRF) · Issue #29 · weng-xianhu/eyoucms

EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Basic Information component under the Edit Member module.

CVE
#csrf#vulnerability#web
CVE-2022-43323: EyouCMS v1.5.9 has a vulnerability, Cross-site request forgery(CSRF) · Issue #28 · weng-xianhu/eyoucms

EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module.

GHSA-w8fp-3gwq-gxpw: Concrete CMS vulnerable to Cross-site Request Forgery

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.

CVE-2022-43693: Release 8.5.10 · concretecms/concretecms

Concrete CMS is vulnerable to CSRF due to the lack of "State" parameter for external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.

CVE-2022-2449

The reSmush.it : the only free Image Optimizer & compress plugin WordPress plugin before 0.4.4 does not perform CSRF checks for any of its AJAX actions, allowing an attackers to trick logged in users to perform various actions on their behalf on the site.

CVE-2022-3538

The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins

CVE-2022-3632

The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions.

CVE-2022-3978: Release v2.5.8 · NodeBB/NodeBB

A vulnerability, which was classified as problematic, was found in NodeBB up to 2.5.7. This affects an unknown part of the file /register/abort. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.5.8 is able to address this issue. The name of the patch is 2f9d8c350e54543f608d3d4c8e1a49bbb6cdea38. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-213555.