CVE-2024-48913

MEDIUM Year: 2024
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

Hono, a web framework, prior to version 4.6.5 is vulnerable to bypass of cross-site request forgery (CSRF) middleware by a request without Content-Type header. Although the CSRF middleware verifies the Content-Type Header, Hono always considers a request without a Content-Type header to be safe. This can allow an attacker to bypass CSRF protection implemented with Hono CSRF middleware. Version 4.6.5 fixes this issue.

Related Vulnerabilities

CVE-2019-18376

MEDIUM
CVSS:5.9(Medium)

A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC...

CWE-3522019

CVE-2020-14319

MEDIUM
CVSS:5.9(Medium)

It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where preflight checks are not instigated or bypassed. For example authorise...

CWE-3522020

CVE-2024-27623

MEDIUM
CVSS:5.9(Medium)

CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.

CWE-3522024

CVE-2024-3472

MEDIUM
CVSS:5.9(Medium)

The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack

CWE-3522024

CVE-2024-40035

MEDIUM
CVSS:5.9(Medium)

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.

CWE-3522024

CVE-2024-5033

MEDIUM
CVSS:5.9(Medium)

The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS pay...

CWE-3522024