Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
csrf vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2013-7464
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used....
Csrf-magic Project Csrf-magic
6.8
CVSSv2
CVE-2019-17590
** DISPUTED ** The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit this by crafting a malicious page and dispersing it to a victim via...
Csrf Magic Project Csrf Magic
4.3
CVSSv2
CVE-2021-29624
fastify-csrf is an open-source plugin helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g....
Fastify Fastify-csrf
1 Github repository available
4.3
CVSSv2
CVE-2016-10535
csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead...
Csrf-lite Project Csrf-lite
NA
CVE-2022-39287
tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. In versions prior to 1.1.0 cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit `8eead6d` and the patch with be included in version...
Tiny-csrf Project Tiny-csrf
1 Github repository available
6.8
CVSSv2
CVE-2020-28482
This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF token was available in the GET query parameter...
Fastify Fastify-csrf
NA
CVE-2018-25060
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely....
Go-macaron Csrf -
NA
CVE-2023-27495
@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions....
Fastify Csrf-protection
5.1
CVSSv2
CVE-2019-10353
CSRF tokens in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier did not expire, thereby allowing attackers able to obtain them to bypass CSRF protection....
Jenkins Jenkins
6.8
CVSSv2
CVE-2021-44227
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes....
Gnu Mailman
Debian Debian Linux 9.0
1 Github repository available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
seacms
CVE-2023-28393
remote code execution
authentication bypass
open redirect
acymailing
CVE-2023-43339
CVE-2023-3664
openstack
popup builder
CVE-2023-21987
CVE-2023-21991
CVE-2023-3550
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »