Total
5500 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10030 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. | |||||
| CVE-2018-0148 | 1 Cisco | 1 Ucs Director | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protection by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, via the user's web browser and with the user's privileges, on an affected system. Cisco Bug IDs: CSCvf71929. | |||||
| CVE-2017-0362 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token. | |||||
| CVE-2016-8513 | 1 Hp | 1 Version Control Repository Manager | 2023-12-10 | 6.0 MEDIUM | 8.0 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. | |||||
| CVE-2018-10503 | 1 Baijiacms Project | 1 Baijiacms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser. | |||||
| CVE-2014-5072 | 1 Wpsecurityauditlog | 1 Wp Security Audit Log | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2018-1000082 | 1 Ajenti | 1 Ajenti | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Ajenti version version 2 contains a Cross ite Request Forgery (CSRF) vulnerability in the command execution panel of the tool used to manage the server. that can result in Code execution on the server . This attack appear to be exploitable via Being a CSRF, victim interaction is needed, when the victim access the infected trigger of the CSRF any code that match the victim privledges on the server can be executed.. | |||||
| CVE-2018-1434 | 1 Ibm | 14 San Volume Controller, San Volume Controller Firmware, Spectrum Virtualize and 11 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 139474. | |||||
| CVE-2017-5394 | 2 Google, Mozilla | 2 Android, Firefox | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 51. | |||||
| CVE-2018-9856 | 1 Kotti Project | 1 Kotti | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request. | |||||
| CVE-2018-11633 | 1 Multidots | 1 Woo Checkout For Digital Goods | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities. | |||||
| CVE-2018-6656 | 1 Zblogcn | 1 Z-blogphp | 2023-12-10 | 5.8 MEDIUM | 6.5 MEDIUM |
| Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as demonstrated by deleting files and directories. | |||||
| CVE-2018-1514 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| IBM Robotic Process Automation with Automation Anywhere 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 141622. | |||||
| CVE-2018-13031 | 1 Damicms | 1 Damicms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account. | |||||
| CVE-2016-0295 | 1 Ibm | 1 Bigfix Platform | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the IBM BigFix Platform 9.0, 9.1, 9.2, and 9.5 before 9.5.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111363. | |||||
| CVE-2018-7308 | 1 Hosting Project | 1 Hosting | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| A CSRF issue was found in var/www/html/files.php in DanWin hosting through 2018-02-11 that allows arbitrary remote users to add/delete/modify any files in any hosting account. | |||||
| CVE-2018-7700 | 1 Dedecms | 1 Dedecms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code. | |||||
| CVE-2018-6888 | 1 Typesettercms | 1 Typesetter | 2023-12-10 | 6.0 MEDIUM | 8.0 HIGH |
| An issue was discovered in Typesetter 5.1. The User Permissions page (aka Admin/Users) suffers from critical flaw of Cross Site Request forgery: using a forged HTTP request, a malicious user can lead a user to unknowingly create / delete or modify a user account due to the lack of an anti-CSRF token. | |||||
| CVE-2018-12529 | 1 Intex | 2 N150, N150 Firmware | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings. | |||||
| CVE-2018-10554 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter. | |||||