Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
Max CVSS
8.8
EPSS Score
0.46%
Published
2019-11-05
Updated
2020-08-18
The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.
Max CVSS
8.8
EPSS Score
0.36%
Published
2016-02-25
Updated
2023-12-08
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.
Max CVSS
8.8
EPSS Score
0.71%
Published
2017-09-20
Updated
2022-12-20
Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.
Max CVSS
8.8
EPSS Score
0.09%
Published
2016-09-21
Updated
2016-10-04
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.
Max CVSS
8.8
EPSS Score
0.23%
Published
2018-04-13
Updated
2018-05-15
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves (1) hosting a crafted plugin that executes an arbitrary program from its __init__.py file and (2) causing the victim to download, install, and enable this plugin.
Max CVSS
8.8
EPSS Score
1.01%
Published
2017-03-18
Updated
2020-07-08
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
Max CVSS
8.8
EPSS Score
0.44%
Published
2017-05-18
Updated
2019-03-15
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.
Max CVSS
8.8
EPSS Score
0.46%
Published
2018-03-27
Updated
2018-04-20
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation.
Max CVSS
8.8
EPSS Score
0.28%
Published
2018-06-13
Updated
2019-03-29
NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61.
Max CVSS
8.8
EPSS Score
0.32%
Published
2018-10-18
Updated
2018-12-03
Wikimedia MediaWiki through 1.32.1 allows CSRF.
Max CVSS
8.8
EPSS Score
0.40%
Published
2019-07-10
Updated
2019-07-11
In phpBB before 3.1.7-PL1, includes/acp/acp_bbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting them.
Max CVSS
8.8
EPSS Score
0.55%
Published
2019-09-30
Updated
2019-11-21
WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.
Max CVSS
8.8
EPSS Score
0.20%
Published
2019-10-17
Updated
2023-02-03
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
Max CVSS
8.8
EPSS Score
0.11%
Published
2021-12-02
Updated
2022-12-09
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
Max CVSS
8.6
EPSS Score
0.62%
Published
2017-05-18
Updated
2019-10-03
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
Max CVSS
8.5
EPSS Score
0.26%
Published
2021-10-21
Updated
2021-11-05
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.
Max CVSS
8.0
EPSS Score
0.68%
Published
2022-07-28
Updated
2022-10-28
The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies.
Max CVSS
7.5
EPSS Score
0.77%
Published
2016-10-03
Updated
2018-01-05
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
Max CVSS
6.8
EPSS Score
0.79%
Published
2011-07-29
Updated
2022-08-29
Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.
Max CVSS
6.8
EPSS Score
0.45%
Published
2014-04-23
Updated
2018-12-13
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack.
Max CVSS
6.8
EPSS Score
0.15%
Published
2014-08-18
Updated
2015-11-25
Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary (1) commands via the cmd parameter to admin/cmdshell.php, (2) SQL queries via the sql parameter to admin/sqlshell.php, or (3) PHP code via the php parameter to admin/phpshell.php.
Max CVSS
6.8
EPSS Score
0.73%
Published
2015-11-19
Updated
2021-05-19
letodms 3.3.6 has CSRF via change password
Max CVSS
6.5
EPSS Score
0.25%
Published
2019-11-13
Updated
2019-11-15
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.
Max CVSS
6.5
EPSS Score
3.28%
Published
2019-11-05
Updated
2020-08-18
Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Max CVSS
6.5
EPSS Score
0.49%
Published
2019-06-27
Updated
2022-10-11
36 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!