RSS   Podatności dla 'Flarum'   RSS

2019-07-07
 
CVE-2019-13183

CWE-352
 

 
Flarum before 0.1.0-beta.9 allows CSRF against all POST endpoints, as demonstrated by changing admin settings.

 
2019-04-24
 
CVE-2019-11514

CWE-20
 

 
User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens.

 
2018-11-09
 
CVE-2018-19133

CWE-200
 

 
In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address.

 


Copyright 2024, cxsecurity.com

 

Back to Top