
Tgianko

#15370 of 53,624
17.6 CVSS total
Vulnerabilities · 2
High
2
PT-2017-18632
8.8
2017-05-14
Simple Invoices · Simple Invoices · CVE-2017-8930
**Name of the Vulnerable Software and Affected Versions**

Simple Invoices version 2013.1.beta.8

**Description**

The issue allows remote attackers to hijack the authentication of admins for requests. This can lead to creating new administrator user accounts and taking over the entire application, creating regular user accounts, or changing configuration parameters such as tax rates and the enable/disable status of PayPal payment modules.

**Recommendations**

For Simple Invoices version 2013.1.beta.8, consider implementing proper CSRF protection mechanisms to prevent authentication hijacking, such as token-based validation for sensitive operations like creating new administrator or regular user accounts, and modifying configuration parameters.
PT-2017-18596
8.8
2017-05-10
Mautic · Mautic · CVE-2017-8874
**Name of the Vulnerable Software and Affected Versions**

Mautic version 1.4.1

**Description**

The issue allows remote attackers to hijack the authentication of users for requests that delete email campaigns or delete contacts, due to multiple cross-site request forgery (CSRF) vulnerabilities.

**Recommendations**

For Mautic version 1.4.1, update to a version that includes a fix for the CSRF vulnerabilities to prevent authentication hijacking for requests such as deleting email campaigns or contacts.