Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

DEXMA DexGate

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: DEXMA Equipment: DEXGate Vulnerabilities: Cross-Site Scripting, Cross-Site Request Forgery, Improper Authentication, Cleartext Transmission of Sensitive Information, Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in the attacker impersonating a user, executing arbitrary code, and accessing the connected network. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of DEXGate is affected: DEXGate: Version 20130114 3.2 Vulnerability Overview 3.2.1 CROSS-SITE SCRIPTING (XSS) CWE-79 The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary Java Script by injecting an XSS payload into the 'hostname' parameter of the vulnerable software. CVE-2023-40153 has been assigned to this vulnerab...

us-cert
Open in Source
#xss#csrf#vulnerability#web#git#java#auth
CVE-2023-35793: GitHub - Dodge-MPTC/CVE-2023-35793-CSRF-On-Web-SSH: Repository contains description for CVE-2023-35793

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks.

CVE-2023-43278: CVE-2023-43278_sugaryzheng的博客-CSDN博客

A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.

CVE-2023-3547

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.

Taskhub 2.8.8 Cross Site Scripting

Taskhub version 2.8.8 suffers from a cross site scripting vulnerability.

Luxcal Event Calendar 3.2.3 Cross Site Request Forgery

Luxcal Event Calendar version 3.2.3 suffers from a cross site request forgery vulnerability.

CVE-2023-42321: CVE-2023-42321

Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.

GHSA-55q6-r3hm-7ff4: Jenkins Build Failure Analyzer Plugin missing permission check

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. Build Failure Analyzer Plugin 2.4.2 requires POST requests and Overall/Administer permission for the affected HTTP endpoint.

GHSA-2wwh-qgh8-w9xw: Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not require POST requests for an HTTP endpoint, resulting in cross-site request forgery (CSRF) vulnerabilities. This vulnerability allows attackers to delete Failure Causes. Build Failure Analyzer Plugin 2.4.2 requires POST requests for the affected HTTP endpoint.

GHSA-58rq-69jp-xc23: Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not perform a permission check in a connection test HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. Additionally, this HTTP endpoint does not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability. Build Failure Analyzer Plugin 2.4.2 requires POST requests and Overall/Administer permission for the affected HTTP endpoint.