Total: 5454 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-13989 | 1 Arcelikas | 2 Grundig Smart Inter@ctive, Grundig Smart Inter@ctive Firmware | 2023-12-10 | 8.3 HIGH | 8.8 HIGH |
Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device. | |||||
CVE-2018-17869 | 1 Dasan | 2 H660gw, H660gw Firmware | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
DASAN H660GW devices do not implement any CSRF protection mechanism. | |||||
CVE-2018-15845 | 1 Gleezcms | 1 Gleez Cms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. | |||||
CVE-2018-15565 | 1 Simple-cms Project | 1 Simple Cms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF. | |||||
CVE-2018-14966 | 1 Emlsoft Project | 1 Emlsoft | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF. | |||||
CVE-2018-17023 | 1 Asus | 2 Gt-ac5300, Gt-ac5300 Firmware | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. | |||||
CVE-2018-16732 | 1 Chshcms | 1 Cscms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. | |||||
CVE-2018-18799 | 1 School Attendance Monitoring System Project | 1 School Attendance Monitoring System | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos. | |||||
CVE-2018-1927 | 1 Ibm | 1 Storediq | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118. | |||||
CVE-2018-1002103 | 1 Kubernetes | 1 Minikube | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard and create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem. | |||||
CVE-2018-15849 | 1 Portfoliocms Project | 1 Portfoliocms | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php. | |||||
CVE-2018-0402 | 1 Cisco | 2 Unified Contact Center Express, Unified Ip Interactive Voice Response | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco Bug IDs: CSCvg70921. | |||||
CVE-2018-18712 | 1 Wuzhicms | 1 Wuzhi Cms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1. | |||||
CVE-2018-15186 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php. | |||||
CVE-2018-20612 | 1 Asthis | 1 Universal Website Asthis | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF. | |||||
CVE-2018-15901 | 1 E107 | 1 E107 | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. | |||||
CVE-2018-13394 | 1 Atlassian | 1 Questions For Confluence | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. | |||||
CVE-2018-14960 | 1 Xiao5ucompany Project | 1 Xiao5ucompany | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. | |||||
CVE-2018-0446 | 1 Cisco | 1 Network Level Service | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability in the web-based management interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user. | |||||
CVE-2018-7831 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2023-12-10 | 4.3 MEDIUM | 8.8 HIGH |
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server. |