Total
5454 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1999027 | 1 Jenkins | 1 Saltstack | 2023-12-10 | 6.8 MEDIUM | 7.5 HIGH |
| An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins. | |||||
| CVE-2019-9182 | 1 Zzzcms | 1 Zzzphp | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter. | |||||
| CVE-2018-14057 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function. | |||||
| CVE-2018-1000843 | 1 Spotify | 1 Luigi | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery (CSRF) vulnerability in API endpoint: /api/<method> that can result in Task metadata such as task name, id, parameter, etc. will be leaked to unauthorized users. This attack appear to be exploitable via The victim must visit a specially crafted webpage from the network where their Luigi server is accessible.. This vulnerability appears to have been fixed in 2.8.0 and later. | |||||
| CVE-2018-16315 | 1 Bijiadao | 1 Waimai Super Cms | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. | |||||
| CVE-2018-1000669 | 1 Koha | 1 Koha | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments as paid for certain users on behalf of Administrators. This attack appear to be exploitable via The victim must be socially engineered into clicking a link, usually via email. This vulnerability appears to have been fixed in 17.11. | |||||
| CVE-2018-15539 | 1 Agentejo | 1 Cockpit | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc. | |||||
| CVE-2018-12364 | 4 Canonical, Debian, Mozilla and 1 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. | |||||
| CVE-2018-20231 | 1 Simbahosting | 1 Two-factor-authentication | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation. | |||||
| CVE-2019-7730 | 1 Mywebsql | 1 Mywebsql | 2023-12-10 | 4.9 MEDIUM | 5.7 MEDIUM |
| MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI. | |||||
| CVE-2018-19192 | 1 Xiaocms | 1 Xiaocms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in XiaoCms 20141229. admin/index.php?c=content&a=add&catid=3 has CSRF, as demonstrated by entering news via the data[content] parameter. | |||||
| CVE-2018-13800 | 1 Siemens | 2 Simatic S7-1200 V4, Simatic S7-1200 V4 Firmware | 2023-12-10 | 4.9 MEDIUM | 7.3 HIGH |
| A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by a legitimate user, who must be authenticated to the web interface. A successful attack could allow an attacker to trigger actions via the web interface that the legitimate user is allowed to perform. This could allow the attacker to read or modify parts of the device configuration. | |||||
| CVE-2018-14978 | 1 Q-cms | 1 Qcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI. | |||||
| CVE-2018-16552 | 1 Micropyramid | 1 Django Crm | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs. | |||||
| CVE-2019-9040 | 1 S-cms | 1 S-cms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332. | |||||
| CVE-2019-7738 | 1 C.p.sub Project | 1 C.p.sub | 2023-12-10 | 5.8 MEDIUM | 6.5 MEDIUM |
| C.P.Sub before 5.3 allows CSRF via a manage.php?p=article_del&id= URI. | |||||
| CVE-2016-7067 | 1 Mmonit | 1 Monit | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service. | |||||
| CVE-2019-1003008 | 1 Jenkins | 1 Warnings Next Generation | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A cross-site request forgery vulnerability exists in Jenkins Warnings Next Generation Plugin 2.1.1 and earlier in src/main/java/io/jenkins/plugins/analysis/warnings/groovy/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint. | |||||
| CVE-2013-7464 | 1 Csrf-magic Project | 1 Csrf-magic | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. | |||||
| CVE-2018-17069 | 1 Unlcms | 1 Unlcms | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay. | |||||