Vulnerabilities for 'Xunfeng'

2018-09-11
 
CVE-2018-16951

CWE-352
 

 
xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832.

 
 
CVE-2018-16832

CWE-352
 

 
CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header.

 


Copyright 2024, cxsecurity.com
