CVE-2022-2986 Enabling and disabling installed H5P libraries was not protected against CSRF.
As a result, it was possible to trick a vulnerable website into installing a malicious H5P library. Malicious actors could craft a CSRF attack that
CVE-2022-35156 The Bus Pass Management System 1.0 had a SQL Injection vulnerability via the searchdata parameter.
A user with access to this parameter could exploit this vulnerability to obtain sensitive information about the system, such as the name of a person
CVE-2021-36855 An XSS vulnerability in the Booking Ultra Pro plugin = 1.1.4 for WordPress that is caused by CSRF.
The PoC exploit code is - Injecting XSS via CSRF. Reflected XSS via CSRF vulnerability can lead to serious security vulnerabilities in WordPress. The WordPress plugin
CVE-2022-31629 An older PHP version can set a cookie for later use which is treated as a '__Host-' or '__Secure-' cookie.
This can be exploited by malicious or compromised websites to facilitate a cross-site request forgery (CSRF) attack to take control of the affected website.
CVE-2022-40083 The Echo CMS v4.8.0 had an open redirect vulnerability in the Static Handler component.
SSRF is a type of attack where the attacker tricks the victim’s web application into executing a command on the server. The command can