Total
5486 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18799 | 1 School Attendance Monitoring System Project | 1 School Attendance Monitoring System | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos. | |||||
| CVE-2018-1927 | 1 Ibm | 1 Storediq | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118. | |||||
| CVE-2018-1002103 | 1 Kubernetes | 1 Minikube | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard, create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem. | |||||
| CVE-2018-15849 | 1 Portfoliocms Project | 1 Portfoliocms | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php. | |||||
| CVE-2018-0402 | 1 Cisco | 2 Unified Contact Center Express, Unified Ip Interactive Voice Response | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco Bug IDs: CSCvg70921. | |||||
| CVE-2018-18712 | 1 Wuzhicms | 1 Wuzhi Cms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1. | |||||
| CVE-2018-15186 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php. | |||||
| CVE-2018-20612 | 1 Asthis | 1 Universal Website Asthis | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| UWA 2.3.11 allows index.php?g=admin&c=admin&a=add_admin_do CSRF. | |||||
| CVE-2018-15901 | 1 E107 | 1 E107 | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. | |||||
| CVE-2018-13394 | 1 Atlassian | 1 Questions For Confluence | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. | |||||
| CVE-2018-14960 | 1 Xiao5ucompany Project | 1 Xiao5ucompany | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. | |||||
| CVE-2018-0446 | 1 Cisco | 1 Network Level Service | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user. | |||||
| CVE-2018-7831 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2023-12-10 | 4.3 MEDIUM | 8.8 HIGH |
| An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 allowing an attacker to send a specially crafted URL to a currently authenticated web server user to execute a password change on the web server. | |||||
| CVE-2018-19545 | 1 Jeecms | 1 Jeecms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| JEECMS 9.3 has CSRF via the api/admin/role/save URI to add a user. | |||||
| CVE-2018-10895 | 1 Qutebrowser | 1 Qutebrowser | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution. | |||||
| CVE-2018-20419 | 1 Douco | 1 Douphp | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| DouCo DouPHP 1.5 has upload/admin/manager.php?rec=insert CSRF to add an administrator account. | |||||
| CVE-2018-15438 | 1 Cisco | 1 Prime Collaboration Assurance | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to use a web browser to perform arbitrary actions with the privileges of the user on an affected system. | |||||
| CVE-2018-19319 | 1 Srcms Project | 1 Srcms | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=gifts&a=update to change goods prices with the super administrator's privileges. | |||||
| CVE-2018-14582 | 1 Bagesoft | 1 Bagecms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account. | |||||
| CVE-2018-0439 | 1 Cisco | 1 Meeting Server | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user. | |||||