Total
5524 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18317 | 1 Dscms Project | 1 Dscms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI. | |||||
| CVE-2018-15121 | 1 Auth0 | 2 Aspnet, Aspnet-owin | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. | |||||
| CVE-2018-15202 | 1 Juunan06 | 1 Ecommerce | 2023-12-10 | 6.8 MEDIUM | 6.3 MEDIUM |
| An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products. | |||||
| CVE-2019-1000003 | 1 Mapsvg | 1 Mapsvg Lite | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| MapSVG MapSVG Lite version 3.2.3 contains a Cross Site Request Forgery (CSRF) vulnerability in REST endpoint /wp-admin/admin-ajax.php?action=mapsvg_save that can result in an attacker can modify post data, including embedding javascript. This attack appears to be exploitable via the victim must be logged in to WordPress as an admin, and click a link. This vulnerability appears to have been fixed in 3.3.0 and later. | |||||
| CVE-2018-14959 | 1 Weaselcms Project | 1 Weaselcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI. | |||||
| CVE-2018-16332 | 1 Idreamsoft | 1 Icms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. | |||||
| CVE-2019-1658 | 1 Cisco | 1 Unified Intelligence Center | 2023-12-10 | 4.3 MEDIUM | 7.4 HIGH |
| A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user. | |||||
| CVE-2018-6907 | 1 Rainmachine | 1 Rainmachine Web Application | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API. | |||||
| CVE-2018-1661 | 1 Ibm | 1 Datapower Gateway | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 144887. | |||||
| CVE-2019-8910 | 1 Wtcms Project | 1 Wtcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF. | |||||
| CVE-2018-12370 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox < 61. | |||||
| CVE-2018-11502 | 1 Moderator Log Notes Project | 1 Moderator Log Notes | 2023-12-10 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF. | |||||
| CVE-2018-0445 | 1 Cisco | 1 Packaged Contact Center Enterprise | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. | |||||
| CVE-2018-18316 | 1 Emlog | 1 Emlog | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| emlog v6.0.0 has CSRF via the admin/user.php?action=new URI. | |||||
| CVE-2018-0451 | 1 Cisco | 1 Tetration Analytics | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a customized link. A successful exploit could allow the attacker to perform arbitrary actions on an affected device by using a web browser and with the privileges of the user. | |||||
| CVE-2018-18794 | 1 School Event Management System Project | 1 School Event Management System | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| School Event Management System 1.0 allows CSRF via user/controller.php?action=edit. | |||||
| CVE-2018-15568 | 1 Tp5cms Project | 1 Tp5cms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html. | |||||
| CVE-2018-2442 | 1 Sap | 2 Businessobjects Business Intelligence, Internet Graphics Server | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid. | |||||
| CVE-2018-14958 | 1 Weaselcms Project | 1 Weaselcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php. | |||||
| CVE-2018-19560 | 1 Bagesoft | 1 Bagecms | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
| BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. | |||||