Vulnerabilities > Xunfeng Project

DATE | CVE | VULNERABILITY TITLE | RISK

2018-09-12 | CVE-2018-16951 | Cross-Site Request Forgery (CSRF) vulnerability in Xunfeng Project Xunfeng 0.2.0 | 8.0
xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832.
network, low complexity, xunfeng-project, CWE-352

2018-09-11 | CVE-2018-16832 | Cross-Site Request Forgery (CSRF) vulnerability in Xunfeng Project Xunfeng 0.2.0 | 6.5
CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header.
network, low complexity, xunfeng-project, CWE-352