Topic

CSRF

A collection of 29 issues

CVE-2022-40754 The webserver's `/confirm` endpoint had an open redirect.

This would redirect a user to their email if they had requested a confirmation link. This was fixed in 2.3.5. Upgrading to 2.3.5 is the recommended fix. If you are unable to upgrade, you can disable the open redirect in the `/confirm` endpoint. Open the `confirm.

CVE-2022-40604 Airflow url had formatting issue, allowing for information extraction.

The following flow was not escaping all text within it, allowing for cross site scripting (XSS) attacks. a href="%= request.getPathName() %>"> This issue was fixed in Apache Airflow 2.3.5. Impact In some cases, users may be able to inject arbitrary JavaScript into their Airflow deployments, leading to potential

CVE-2022-35196 TestLink v1.9.20 had a CSRF vulnerbility in plan/planView.php.

This issue was resolved by updating to version 1.9.21 or higher. Inspect the application URL to determine if you are running an outdated version of TestLink. An attacker can exploit this issue to perform requests that impact the user's session, such as stealing data or installing other malicious

CVE-2022-3232 Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5.

The CSRF vulnerability exists in the GitHub v2.4.5 API. The attacker can submit a request to the victim to change the content on GitHub if they have access to the victim’s account on the repository. Exploitation Access the GitHub repository. Go to Settings, then Authentication. Click on

CVE-2022-40323 SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241.

This was addressed in 22.1.66.13 and later. Cisco WebEx Teams does not support the use of XSS in any of its components. CVE-2023-40324 This was addressed in 23.1.66.13 and later. Cisco WebEx Teams does not support the use of XML external entities (XXE) in

CVE-2022-2597 The Visual Portfolio, Photo Gallery & Post Grid plugin before 2.19.0 had some security issues, allowing users with a low role to inject arbitrary CSS.

This is possible because the plugin does not have an ACL on its endpoints. An attacker can send requests to the affected REST APIs as high as they want, as long as they are a member of the contributor role. NOTE: Earlier versions of this plugin are also affected, but

CVE-2022-36676 An SQL injection was found in the Task Scheduling System v1.0. id parameter.

This flaw could be exploited by injecting malicious code into the database or via cross-site request forgery (CSRF) if users’ input was hijacked. The id parameter is typically used to identify a category. Therefore, it is critical that it be validated to limit the risk of an attack. We discovered

CVE-2022-36735 The Book Library Management System v1.0 had a SQL injection vulnerability.

A remote attacker could exploit this vulnerability to execute arbitrary SQL commands and retrieve sensitive data. In addition, this software was discovered to contain a cross-site request forgery (CSRF) vulnerability at /register.html; a malicious user could exploit this issue to execute arbitrary requests as if they were coming from

CVE-2022-37059 XSS in Subrion CMS 4.2.1 Login Field allows attacker to inject arbitrary code.

By using this vulnerability an attacker can steal cookie information and execute malicious code on the system of the affected website. In case of XSS in Admin Panel of Subrion CMS 4.2.1 an attacker can steal the session information and hijack the user login. There are many ways

CVE-2022-36194 An Attacker could leverage the XSS in the Pollers > Broker Configuration function of Actron Encentreon 22.04.0 to inject malicious code.

By manipulating the name parameter, an attacker can inject malicious code into the application’s code, which can lead to session hijacking and other forms of attack. VentureOne reported this issue to Envato, who promptly released a security update to close this XSS vulnerability. Another issue with Envato Studio 22.