Xunfeng Project

xunfeng_project

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Xunfeng

xunfeng

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-16951 1Xunfeng Project 1Xunfeng Nov 21, 2024 Sep 12, 2018 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832.
CVE-2018-16832 1Xunfeng Project 1Xunfeng Nov 21, 2024 Sep 11, 2018 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host...Show more CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2018-16951

1Xunfeng Project

1Xunfeng

Nov 21, 2024

Sep 12, 2018

N/A· v4

8.0 HIGH· v3

6.0 MEDIUM· v2

xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832.

CVE-2018-16832

1Xunfeng Project

1Xunfeng

Nov 21, 2024

Sep 11, 2018

N/A· v4

6.5 MEDIUM· v3

4.3 MEDIUM· v2

CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host...Show more