NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The associated identifier of this vulnerability is VDB-248687. The exploit has been disclosed to the public and may be used. The manipulation leads to cross-site request forgery. This issue affects some unknown processing of the file /dashboard?controller=UserCollection::createUser of the component User Creation Handler.

The Voting Record WordPress plugin through 2.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

A vulnerability was found in automad up to 1.10.9.

Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server.

The Community by PeepSo WordPress plugin before 6.3.1.2 does not have a CSRF check when creating a user post (visible on their wall in their profile page), which could allow attackers to make logged-in users perform such an action via a CSRF attack.

This vulnerability is possible due to the lack of proper CSRF token implementation. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in to. A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1.