CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Mar 2023 — Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability. • https://github.com/Fw-fW-fw/UPDATE-CVE/blob/main/CVE-2022-46973 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 2

17 Oct 2022 — anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. • https://gitee.com/anji-plus/report/issues/I5VVZ0 • CWE-290: Authentication Bypass by Spoofing

CVSS: 5.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

25 Jan 2021 — The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before the fixed version, there was no CSRF protection on Special:Report, so requests to report a revision could be forged. The problem has been fixed in commit f828dc6 by making use of MediaWiki edit tokens. • https://github.com/Kenny2github/Report/commit/f828dc6f73cdfaea5639edbf8ac7b326eeefb117 • CWE-352: Cross-Site Request Forgery (CSRF)