Total
5486 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7440 | 1 Jio | 2 Jiofi 4g M2s, Jiofi 4g M2s Firmware | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi). | |||||
| CVE-2019-1003092 | 1 Jenkins | 1 Nomad | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Nomad Plugin in the NomadCloud.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-5430 | 1 Ui | 1 Unifi Video | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| In UniFi Video 3.10.0 and prior, due to the lack of CSRF protection, it is possible to abuse the Web API to make changes on the server configuration without the user consent, requiring the attacker to lure an authenticated user to access on attacker controlled page. | |||||
| CVE-2019-10874 | 1 Boltcms | 1 Bolt | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file. | |||||
| CVE-2011-5328 | 1 User Access Manager Project | 1 User Access Manager | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| The user-access-manager plugin before 1.2 for WordPress has CSRF. | |||||
| CVE-2019-6166 | 1 Lenovo | 8 Ideacentre, Ideapad, Service Bridge and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow cross-site request forgery. | |||||
| CVE-2018-20971 | 1 Churchadminplugin | 1 Church Admin | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| The church-admin plugin before 1.2550 for WordPress has CSRF affecting the upload of a bible reading plan. | |||||
| CVE-2016-10982 | 1 Kentothemes | 1 Kento-post-view-counter | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF. | |||||
| CVE-2018-10986 | 1 Open-xchange | 1 Ox Guard | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| OX Guard 2.8.0 has CSRF. | |||||
| CVE-2019-12616 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim. | |||||
| CVE-2019-13363 | 1 Piwigo | 1 Piwigo | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
| admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF. | |||||
| CVE-2018-20967 | 1 Smackcoders | 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| The wp-ultimate-csv-importer plugin before 5.6.1 for WordPress has CSRF. | |||||
| CVE-2019-10310 | 1 Jenkins | 1 Ansible Tower | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability in Jenkins Ansible Tower Plugin 0.9.1 and earlier in the TowerInstallation.TowerInstallationDescriptor#doTestTowerConnection form validation method allowed attackers permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins | |||||
| CVE-2019-12624 | 1 Cisco | 19 5760 Wireless Lan Controller, Catalyst 3650-12x48uq, Catalyst 3650-12x48ur and 16 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco IOS XE New Generation Wireless Controller (NGWC) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user. | |||||
| CVE-2018-17584 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page. | |||||
| CVE-2019-1003090 | 1 Jenkins | 1 Soasta Cloudtest | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins SOASTA CloudTest Plugin in the CloudTestServer.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2015-9292 | 1 6kbbs | 1 6kbbs | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| 6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter). | |||||
| CVE-2019-1003084 | 1 Jenkins | 1 Zephyr Enterprise Test Management | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | |||||
| CVE-2019-15114 | 1 Ncrafts | 1 Formcraft | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF. | |||||
| CVE-2019-10176 | 1 Redhat | 1 Openshift Container Platform | 2023-12-10 | 5.8 MEDIUM | 5.4 MEDIUM |
| A flaw was found in OpenShift Container Platform, versions 3.11 and later, in which the CSRF tokens used in the cluster console component were found to remain static during a user's session. An attacker with the ability to observe the value of this token would be able to re-use the token to perform a CSRF attack. | |||||