Total: 5523 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-7262 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). | |||||
CVE-2017-18544 | 1 Invite Anyone Project | 1 Invite Anyone | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The invite-anyone plugin before 1.3.16 for WordPress has admin-panel CSRF. | |||||
CVE-2019-14216 | 1 Wp Svg Icons Project | 1 Wp Svg Icons | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in the svg-vector-icon-plugin (aka WP SVG Icons) plugin through 3.2.1 for WordPress. wp-admin/admin.php?page=wp-svg-icons-custom-set mishandles Custom Icon uploads. CSRF leads to upload of a ZIP archive containing a .php file. | |||||
CVE-2019-13974 | 1 Layerbb | 1 Layerbb | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. | |||||
CVE-2018-1622 | 1 Ibm | 1 Security Privileged Identity Manager | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144348. | |||||
CVE-2019-7874 | 1 Magento | 1 Magento | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles. | |||||
CVE-2019-1857 | 1 Cisco | 28 Hx220c Af M5, Hx220c Af M5 Firmware, Hx220c All Nvme M5 and 25 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user. | |||||
CVE-2017-18366 | 1 Intelliants | 1 Subrion Cms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Subrion CMS 4.1.5 has CSRF in blog/delete/. | |||||
CVE-2018-20968 | 1 Smackcoders | 1 Ultimate Exporter | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The wp-ultimate-exporter plugin before 1.4.2 for WordPress has CSRF. | |||||
CVE-2015-9388 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS. | |||||
CVE-2019-9625 | 1 Directadmin | 1 Directadmin | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account. | |||||
CVE-2014-10382 | 1 Pippinsplugins | 1 Featured Comments | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment. | |||||
CVE-2019-15113 | 1 Codeermeneer | 1 Companion Sitemap Generator | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF. | |||||
CVE-2016-10918 | 1 Supsystic | 1 Photo Gallery | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF. | |||||
CVE-2019-10847 | 1 Computrols | 1 Computrols Building Automation Software | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Computrols CBAS 18.0.0 allows Cross-Site Request Forgery. | |||||
CVE-2019-5924 | 1 Rednao | 1 Smart Forms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in Smart Forms 2.6.15 and earlier allows remote attackers to hijack the authentication of administrators via a specially crafted page. | |||||
CVE-2018-20644 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature. | |||||
CVE-2019-16059 | 1 Sapplica | 1 Sentrifugo | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Sentrifugo 3.2 lacks CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code at index.php/dashboard/viewprofile via a crafted HTML page. | |||||
CVE-2019-11587 | 1 Atlassian | 2 Jira, Jira Server | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Various exposed resources of the ViewLogging class in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allow remote attackers to modify various settings via Cross-site request forgery (CSRF). | |||||
CVE-2019-11193 | 1 Infinitumit | 1 Directadmin | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel. |