Total: 5467 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-19335 | 1 Google | 1 Monorail | 2023-12-10 | 2.6 LOW | 5.3 MEDIUM |
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports. | |||||
CVE-2018-2474 | 1 Sap | 1 Fiori | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user into sending an unintended request to the web server. This vulnerability is due to insufficient CSRF protection. | |||||
CVE-2018-12411 | 1 Tibco | 1 Activespaces | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0. | |||||
CVE-2018-16338 | 1 Auracms | 1 Auracms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic. | |||||
CVE-2018-18742 | 1 Sem-cms | 1 Semcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI. | |||||
CVE-2019-8347 | 1 Beescms | 1 Beescms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI. | |||||
CVE-2018-19829 | 1 Artica | 1 Integria Ims | 2023-12-10 | 5.8 MEDIUM | 6.5 MEDIUM |
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known. | |||||
CVE-2018-14583 | 1 Xyhcms | 1 Xyhcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account. | |||||
CVE-2018-16458 | 1 Baigo | 1 Baigo Cms | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in baigo CMS v2.1.1. There is an index.php?m=article&c=request CSRF that can cause publication of any article. | |||||
CVE-2018-16365 | 1 Idreamsoft | 1 Icms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. | |||||
CVE-2017-15608 | 1 Inedo | 1 Proget | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings. | |||||
CVE-2018-18760 | 1 Saltos | 1 Rhinos | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
RhinOS 3.0 build 1190 allows CSRF. | |||||
CVE-2019-9048 | 1 Pluck-cms | 1 Pluck | 2023-12-10 | 5.8 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete a theme (aka topic) via a /admin.php?action=theme_delete&var1= URI. | |||||
CVE-2019-9051 | 1 Pluck-cms | 1 Pluck | 2023-12-10 | 5.8 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete articles via a /admin.php?action=deletepage&var1= URI. | |||||
CVE-2018-17366 | 1 Mcms Project | 1 Mcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. | |||||
CVE-2018-16345 | 1 Easycms | 1 Easycms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in EasyCMS 1.5. There is a CSRF vulnerability that can update the admin password via index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent. | |||||
CVE-2018-1926 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit a malicious URL, a remote attacker could send a specially crafted request. An attacker could exploit this vulnerability to perform a CSRF attack and update available applications. IBM X-Force ID: 152992. | |||||
CVE-2018-1000206 | 1 Jfrog | 1 Artifactory | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
JFrog Artifactory versions since 5.11 contain a Cross Site Request Forgery (CSRF) vulnerability in UI REST endpoints that can result in a classic CSRF attack allowing an attacker to perform actions as the logged-in user. This attack appears to be exploitable via a maliciously crafted Flash component that the victim must run. This vulnerability appears to have been fixed in 6.1. | |||||
CVE-2018-17102 | 1 Quickappscms | 1 Quickapps Cms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI. | |||||
CVE-2018-19969 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc. |