Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7346 | 1 Zoneminder | 1 Zoneminder | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful. | |||||
| CVE-2018-10099 | 1 Google | 1 Monorail | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
| Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns) can be used to obtain sensitive information about the content of bug reports. | |||||
| CVE-2018-14331 | 1 Xiaocms | 1 Xiaocms X1 | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my. | |||||
| CVE-2018-1000411 | 1 Jenkins | 1 Junit | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-site request forgery vulnerability exists in Jenkins JUnit Plugin 1.25 and earlier in TestObject.java that allows setting the description of a test result. | |||||
| CVE-2019-9049 | 1 Pluck-cms | 1 Pluck | 2023-12-10 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=module_delete&var1= URI. | |||||
| CVE-2018-19561 | 1 Sikcms | 1 Sikcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| sikcms 1.1 has CSRF via admin.php?m=Admin&c=Users&a=userAdd to add an administrator account. | |||||
| CVE-2018-14014 | 1 Super Cms Project | 1 Super Cms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd. | |||||
| CVE-2018-16832 | 1 Xunfeng Project | 1 Xunfeng | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header. | |||||
| CVE-2018-16337 | 1 Chshcms | 1 Cscms | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Cscms V4.1.8. There is a CSRF vulnerability that can modify a website's basic configuration via upload/admin.php/setting/save. | |||||
| CVE-2018-18201 | 1 Qibosoft | 1 Qibosoft | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account. | |||||
| CVE-2019-6249 | 1 Hucart | 1 Hucart | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add. | |||||
| CVE-2018-18191 | 1 Finecms | 1 Finecms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in /admin.php?c=member&m=edit&uid=1 in dayrui FineCms 5.4 allows remote attackers to change the administrator's password. | |||||
| CVE-2018-16331 | 1 Damicms | 1 Damicms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. | |||||
| CVE-2018-17986 | 1 Razorcms | 1 Razorcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user. | |||||
| CVE-2018-16854 | 1 Moodle | 1 Moodle | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15. | |||||
| CVE-2019-6508 | 1 Creditease-sec | 1 Insight | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF. | |||||
| CVE-2018-19544 | 1 Jeecms | 1 Jeecms | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| JEECMS 9.3 has CSRF via the api/admin/content/save URI to add news. | |||||
| CVE-2018-20603 | 1 Lfdycms | 1 Lei Feng Tv Cms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Lei Feng TV CMS (aka LFCMS) 3.8.6 allows admin.php?s=/Member/add.html CSRF. | |||||
| CVE-2018-16366 | 1 Idreamsoft | 1 Icms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. | |||||
| CVE-2018-18734 | 1 Catfish-cms | 1 Catfish Cms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30. | |||||