CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43337 – WordPress Brave plugin <= 0.7.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-43337
Cross-Site Request Forgery (CSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.7.0. The Brave Popup Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.7.0. This is due to missing or incorrect nonce validation on the bravepop_ajax_zoho_init_token() function. This makes it possible for unauthenticated attackers to save an integration token via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/brave-popup-builder/wordpress-brave-plugin-0-7-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30453 – WordPress Brave plugin <= 0.6.5 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-30453
Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.6.5. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Brave Brave Popup Builder. Este problema afecta a Brave Popup Builder: desde n/a hasta 0.6.5. The Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.6.5. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/brave-popup-builder/wordpress-brave-plugin-0-6-5-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28360
https://notcve.org/view.php?id=CVE-2023-28360
An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user. • https://hackerone.com/reports/1848062 • CWE-223: Omission of Security-relevant Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47932
https://notcve.org/view.php?id=CVE-2022-47932
Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933. Brave Browser anterior a 1.43.34 permitía a un atacante remoto provocar una Denegación de Servicio (DoS) a través de un archivo HTML manipulado que menciona una URL ipfs:// o ipns://. Esta vulnerabilidad se debe a una solución incompleta para CVE-2022-47933. • https://github.com/brave/brave-browser/issues/24093 https://github.com/brave/brave-core/commit/e73309665508c17e48a67e302d3ab02a38d3ef50 https://github.com/brave/brave-core/pull/14211 https://hackerone.com/reports/1636430 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47933
https://notcve.org/view.php?id=CVE-2022-47933
Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc. Brave Browser anterior a 1.42.51 permitía a un atacante remoto provocar una Denegación de Servicio (DoS) a través de un archivo HTML manipulado que hace referencia al esquema IPFS. Esta vulnerabilidad es causada por una excepción no detectada en la función ipfs::OnBeforeURLRequest_IPFSRedirectWork() en ipfs_redirect_network_delegate_helper.cc. • https://github.com/brave/brave-browser/issues/23646 https://github.com/brave/brave-browser/issues/24378 https://github.com/brave/brave-core/commit/7ef8cb2f232abdf59ec9c3c99a086a14b972bc56 https://github.com/brave/brave-core/pull/13989 https://hackerone.com/reports/1610343 • CWE-755: Improper Handling of Exceptional Conditions •