Total: 5500 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-15206 | 1 Bpcbt | 1 Smartvista | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf. |
| CVE-2019-16099 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows CSRF via JSON data to a .swf file. |
| CVE-2018-19511 | 1 Ens | 1 Webgalamb | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM | wg7.php in Webgalamb 7.0 lacks security measures to prevent CSRF attacks, as demonstrated by wg7.php?options=1 to change the administrator password. |
| CVE-2019-12466 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | Wikimedia MediaWiki through 1.32.1 allows CSRF. |
| CVE-2019-10331 | 1 Jenkins | 1 Electricflow | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM | A cross-site request forgery vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. |
| CVE-2018-11427 | 1 Moxa | 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | CSRF tokens are not used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior, which makes it possible to perform CSRF attacks on the device administrator. |
| CVE-2018-15612 | 1 Avaya | 1 Orchestration Designer | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. |
| CVE-2015-4630 | 1 Koha | 1 Koha | 2023-12-10 | 6.0 MEDIUM | 8.0 HIGH | Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl. |
| CVE-2018-18422 | 1 Usualtool | 1 Usualtoolcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/a_adminx.php?x=a URI. |
| CVE-2018-15848 | 1 Portfoliocms Project | 1 Portfoliocms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true. |
| CVE-2018-18420 | 1 Tribalsystems | 1 Zenario | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. |
| CVE-2018-16634 | 1 Pluck-cms | 1 Pluck | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | Pluck v4.7.7 allows CSRF via admin.php?action=settings. |
| CVE-2018-15187 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2023-12-10 | 6.0 MEDIUM | 8.0 HIGH | PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. |
| CVE-2017-17835 | 1 Apache | 1 Airflow | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow. |
| CVE-2018-19335 | 1 Google | 1 Monorail | 2023-12-10 | 2.6 LOW | 5.3 MEDIUM | Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby value) can be used to obtain sensitive information about the content of bug reports. |
| CVE-2018-2474 | 1 Sap | 1 Fiori | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM | SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user into sending an unintended request to the web server. This vulnerability is due to insufficient CSRF protection. |
| CVE-2018-12411 | 1 Tibco | 1 Activespaces | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0. |
| CVE-2018-16338 | 1 Auracms | 1 Auracms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in AuraCMS 2.3. There is a CSRF vulnerability that can change the administrator's password via admin.php?mod=users and subsequently add a page or menu, or submit a topic. |
| CVE-2018-18742 | 1 Sem-cms | 1 Semcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI. |
| CVE-2019-8347 | 1 Beescms | 1 Beescms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI. |