CVE-2021-41916

A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile, without the victim's knowledge, by enticing an authenticated admin user to visit an attacker's web page. (CVSS:0.0) (Last Update:2021-10-08)

October 7th, 2021 | Cross Site Request Forgery

CVE-2021-20489

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 197790. (CVSS:0.0) (Last Update:2021-10-07)

October 6th, 2021 | Cross Site Request Forgery

CVE-2021-29837

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913. (CVSS:0.0) (Last Update:2021-10-06)

October 5th, 2021 | Cross Site Request Forgery

CVE-2021-35491

A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request. (CVSS:0.0) (Last Update:2021-10-05)

October 4th, 2021 | Cross Site Request Forgery

CVE-2021-41764

A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. The application does not have CSRF checks in place when performing actions such as uploading local files. As a result, attackers could make a logged-in administrator upload arbitrary local files via a CSRF attack and send them to the attacker. (CVSS:0.0) (Last Update:2021-09-29)

September 28th, 2021 | Cross Site Request Forgery

CVE-2021-40108

An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint. (CVSS:0.0) (Last Update:2021-09-27)

September 26th, 2021 | Cross Site Request Forgery