If the victim is an administrative account, a CSRF attack could compromise the entire web application.

A vulnerability has been discovered in OJS that consists of a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.

The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.

A successful CSRF attack could force the user to perform state-changing requests on the application.

NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The associated identifier of this vulnerability is VDB-248687. The exploit has been disclosed to the public and may be used. The manipulation leads to cross-site request forgery. This issue affects some unknown processing of the file /dashboard?controller=UserCollection::createUser of the component User Creation Handler.

Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server.

A vulnerability was found in automad up to 1.10.9.