Total: 5524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-1003010 | 2 Jenkins, Redhat | 2 Git, Openshift Container Platform | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record. | |||||
CVE-2018-12412 | 1 Tibco | 1 Ftl | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO FTL - Community Edition: versions up to and including 5.4.0, TIBCO FTL - Developer Edition: versions up to and including 5.4.0, TIBCO FTL - Enterprise Edition: versions up to and including 5.4.0. | |||||
CVE-2018-17858 | 1 Joomla | 1 Joomla! | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Joomla! before 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend. | |||||
CVE-2018-20188 | 1 Thedaylightstudio | 1 Fuel Cms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
FUEL CMS 1.4.3 has CSRF via users/create/ to add an administrator account. | |||||
CVE-2019-7570 | 1 Pbootcms | 1 Pbootcms | 2023-12-10 | 5.8 MEDIUM | 6.5 MEDIUM |
A CSRF vulnerability was found in PbootCMS v1.3.6 that can delete users via an admin.php/User/del/ucode/ URI. | |||||
CVE-2019-1003007 | 1 Jenkins | 1 Warnings | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint. | |||||
CVE-2018-12413 | 1 Tibco | 1 Messaging - Apache Kafka Distribution - Schema Repository | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0. | |||||
CVE-2018-14965 | 1 Emlsoft Project | 1 Emlsoft | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=address&do=add page allows CSRF. | |||||
CVE-2018-16416 | 1 Thedaylightstudio | 1 Fuel Cms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password. | |||||
CVE-2018-11718 | 1 Xovis | 6 Pc2, Pc2 Firmware, Pc2r and 3 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Xovis PC2, PC2R, and PC3 devices through 3.6.0 allow CSRF. | |||||
CVE-2019-6509 | 1 Creditease-sec | 1 Insight | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/admin/views.py allows CSRF. | |||||
CVE-2018-16951 | 1 Xunfeng Project | 1 Xunfeng | 2023-12-10 | 6.0 MEDIUM | 8.0 HIGH |
xunfeng 0.2.0 allows command execution via CSRF because masscan.py mishandles backquote characters, a related issue to CVE-2018-16832. | |||||
CVE-2019-6244 | 1 Usualtool | 1 Usualtoolcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file. | |||||
CVE-2016-6578 | 1 Filecloud | 1 Filecloud | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. | |||||
CVE-2018-15445 | 1 Cisco | 1 Energy Management Suite Software | 2023-12-10 | 6.0 MEDIUM | 8.0 HIGH |
A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. | |||||
CVE-2018-16650 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
phpMyFAQ before 2.9.11 allows CSRF. | |||||
CVE-2018-16449 | 1 Onethink | 1 Onethink | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via admin.php?s=/Article/setStatus/status/1.html. | |||||
CVE-2018-7097 | 1 Hp | 1 3par Service Provider | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery. | |||||
CVE-2019-9052 | 1 Pluck-cms | 1 Pluck | 2023-12-10 | 5.8 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete pictures via a /admin.php?action=deleteimage&var1= URI. | |||||
CVE-2018-15884 | 1 Ricoh | 2 Mp C4504ex, Mp C4504ex Firmware | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. |