Количество 2
Количество 2
CVE-2016-10529
Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others.
GHSA-rhvc-x32h-5526
No CSRF Validation in droppy
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2016-10529 Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the currently logged in user. For example this means the malicious user could add a new admin account under his control and delete others. | CVSS3: 8.8 | 0% Низкий | больше 7 лет назад |
| GHSA-rhvc-x32h-5526 No CSRF Validation in droppy | 0% Низкий | почти 7 лет назад |
Уязвимостей на страницу