Total: 5517 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2018-9281 | 1 Eaton | 2 9px Ups, 9px Ups Firmware | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vulnerable to reflected Cross-Site Scripting. This flaw could be triggered by driving an administrator logged into the Eaton application to a specially crafted web page. This attack could be done silently. |
CVE-2018-20595 | 1 Hsweb | 1 Hsweb | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful. |
CVE-2018-14926 | 1 Matera | 1 Banco | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request. |
CVE-2018-19334 | 1 Google | 1 Monorail | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM | Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axis) can be used to obtain sensitive information about the content of bug reports. |
CVE-2018-13989 | 1 Arcelikas | 2 Grundig Smart Inter@ctive, Grundig Smart Inter@ctive Firmware | 2023-12-10 | 8.3 HIGH | 8.8 HIGH | Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device. |
CVE-2018-17869 | 1 Dasan | 2 H660gw, H660gw Firmware | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | DASAN H660GW devices do not implement any CSRF protection mechanism. |
CVE-2018-15845 | 1 Gleezcms | 1 Gleez Cms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. |
CVE-2018-15565 | 1 Simple-cms Project | 1 Simple Cms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF. |
CVE-2018-14966 | 1 Emlsoft Project | 1 Emlsoft | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF. |
CVE-2018-17023 | 1 Asus | 2 Gt-ac5300, Gt-ac5300 Firmware | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | Cross-site request forgery (CSRF) vulnerability on ASUS GT-AC5300 routers with firmware through 3.0.0.4.384_32738 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a request to start_apply.htm. |
CVE-2018-16732 | 1 Chshcms | 1 Cscms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | \upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save. |
CVE-2018-18799 | 1 School Attendance Monitoring System Project | 1 School Attendance Monitoring System | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos. |
CVE-2018-1927 | 1 Ibm | 1 Storediq | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | IBM StoredIQ 7.6 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118. |
CVE-2018-1002103 | 1 Kubernetes | 1 Minikube | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. In VM environments where the IP is easy to predict, the attacker can use DNS rebinding to indirectly make requests to the Kubernetes Dashboard and create a new Kubernetes Deployment running arbitrary code. If minikube mount is in use, the attacker could also directly access the host filesystem. |
CVE-2018-15849 | 1 Portfoliocms Project | 1 Portfoliocms | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM | An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php. |
CVE-2018-0402 | 1 Cisco | 2 Unified Contact Center Express, Unified Ip Interactive Voice Response | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco Bug IDs: CSCvg70921. |
CVE-2018-18712 | 1 Wuzhicms | 1 Wuzhi Cms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can change the super administrator's username via index.php?m=member&f=index&v=edit&uid=1. |
CVE-2018-15186 | 1 Chartered Accountant : Auditor Website Project | 1 Chartered Accountant : Auditor Website | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php. |
CVE-2018-20612 | 1 Asthis | 1 Universal Website Asthis | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | UWA 2.3.11 allows CSRF via index.php?g=admin&c=admin&a=add_admin_do. |
CVE-2018-15901 | 1 E107 | 1 E107 | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH | e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. |
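The hsweb entry (CVE-2018-20595) describes the one OAuth2-specific CSRF variant in this list: the client's callback never compares the `state` value that comes back from the authorization server with the one it stored in the session when it started the flow. The example below is added here to show that check beside its absence; it is not code from hsweb or from any project on this page. The session class, the IdP endpoint and the client ID are constructed stand-ins.

```python
import hmac
import secrets
from dataclasses import dataclass, field

AUTHORIZE_ENDPOINT = "https://idp.example/oauth2/authorize"  # hypothetical IdP
CLIENT_ID = "demo-client"                                      # hypothetical client


@dataclass
class Session:
    """Stand-in for a server-side session store, constructed for this example."""
    data: dict = field(default_factory=dict)


def begin_authorization(session: Session) -> str:
    """Mint an unguessable state, bind it to the user's session, and build the
    redirect to the authorization server. The callback verifies this binding."""
    state = secrets.token_urlsafe(32)
    session.data["oauth2_state"] = state
    return (f"{AUTHORIZE_ENDPOINT}?response_type=code"
            f"&client_id={CLIENT_ID}&state={state}")


def callback_without_state_check(session: Session, query: dict) -> bool:
    """The pattern CVE-2018-20595 describes: the callback accepts whatever
    `code` arrives and never compares the request's `state` with the session's
    copy. An attacker who obtains a code for their own IdP account can make the
    victim's browser hit this URL and bind the victim's session to the
    attacker's identity (login CSRF)."""
    return bool(query.get("code"))


def callback_with_state_check(session: Session, query: dict) -> bool:
    """Hardened callback: state must exist on both sides, must match in a
    constant-time comparison, and is consumed so it cannot be replayed."""
    expected = session.data.pop("oauth2_state", None)  # single use
    received = query.get("state")
    if not expected or not received:
        return False
    if not hmac.compare_digest(expected, received):
        return False
    return bool(query.get("code"))


if __name__ == "__main__":
    # Legitimate flow: state round-trips through the same session.
    user = Session()
    print(begin_authorization(user))
    print(callback_with_state_check(user, {"code": "c1", "state": user.data.get("oauth2_state", "")}))
    # Forged callback: a fresh victim session with the attacker's code and state.
    victim = Session()
    forged = {"code": "attacker-code", "state": "attacker-state"}
    print(callback_without_state_check(victim, forged), callback_with_state_check(victim, forged))
```

The forged request succeeds against the unchecked callback and fails against the checked one; the checked one also refuses a replay of a state that was already consumed.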
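The Minikube entry (CVE-2018-1002103) is the one case here where the browser itself is fooled: after DNS rebinding, the attacker's origin resolves to the dashboard's predictable VM IP, so the browser treats the requests as same-origin and CSRF tokens tied to the attacker's page do not help. What survives the rebinding is the `Host` header, which still names the attacker's domain. The following is an added example of validating that header in front of a state-changing endpoint; it is not the Kubernetes Dashboard's or minikube's code. The IP, hostnames and port are constructed values.

```python
import ipaddress
from typing import Dict, Tuple
from urllib.parse import urlsplit

# Constructed allow-list for this example; a real service would derive it from
# its own bind address and configured hostnames.
LISTEN_PORT = 30000
ALLOWED_HOSTNAMES = {"dashboard.local", "localhost"}
ALLOWED_IPS = {ipaddress.ip_address("192.168.99.100")}


def host_header_is_trusted(host_header: str) -> bool:
    """True only if the Host header names this service.

    Under DNS rebinding the browser believes attacker.example now resolves to
    the dashboard's IP and sends `Host: attacker.example:30000`. The TCP
    connection is genuine, so the Host header is the remaining signal that the
    request was addressed to someone else."""
    value = host_header.strip()
    # Browsers never send userinfo or a path in Host; reject them outright so
    # urlsplit cannot be steered into picking a different host component.
    if not value or any(c in value for c in "@/?#\\"):
        return False
    try:
        parts = urlsplit("//" + value)
        hostname, port = parts.hostname, parts.port  # .port raises on "abc"
    except ValueError:
        return False
    if hostname is None:
        return False
    if port is not None and port != LISTEN_PORT:
        return False
    try:
        return ipaddress.ip_address(hostname) in ALLOWED_IPS
    except ValueError:  # not an IP literal: fall back to the hostname list
        return hostname in ALLOWED_HOSTNAMES


def create_deployment(headers: Dict[str, str], body: Dict[str, str]) -> Tuple[int, str]:
    """Stand-in for a state-changing dashboard endpoint that applies the check
    before acting (constructed; not the Dashboard's real handler)."""
    if not host_header_is_trusted(headers.get("Host", "")):
        return 421, "Misdirected Request: Host header does not name this service"
    return 201, f"deployment {body.get('name', '?')} created"


if __name__ == "__main__":
    # Rebound request: the browser connected to 192.168.99.100:30000 but the
    # Host header still carries the attacker's origin.
    print(create_deployment({"Host": "attacker.example:30000"}, {"name": "miner"}))
    # Request addressed to the dashboard itself.
    print(create_deployment({"Host": "192.168.99.100:30000"}, {"name": "nginx"}))
```

Compare against the address and port the service actually listens on, not against a reverse-proxy header, and pair it with binding the dashboard to loopback rather than the VM IP where that is an option.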