Total: 5486 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10529 | 1 Droppy Project | 1 Droppy | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Droppy versions <3.5.0 do not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests in the context of the currently logged in user. For example, this means the malicious user could add a new admin account under his control and delete others. | |||||
CVE-2017-16756 | 1 Userscape | 1 Helpspot | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-site request forgery vulnerability exists on POST requests to the "index.php?pg=password.change" endpoint. This allows an attacker to change the password of another user's HelpSpot account. | |||||
CVE-2018-13010 | 1 Wstmall | 1 Wstmall | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. | |||||
CVE-2018-1000137 | 1 I-librarian | 1 I Librarian | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
I, Librarian version 4.8 and earlier contains a Cross site Request Forgery (CSRF) vulnerability in users.php that can result in the password of the admin being forced to be changed without the administrator's knowledge. | |||||
CVE-2018-12582 | 1 Akcms Project | 1 Akcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in AKCMS 6.1. CSRF can add an admin account via a /index.php?file=account&action=manageaccounts&job=newaccount URI. | |||||
CVE-2018-10031 | 1 Cmsmadesimple | 1 Cms Made Simple | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/moduleinterface.php. | |||||
CVE-2018-11126 | 1 Doorgets | 1 Doorgets | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
dg-user/?controller=users&action=add in doorGets 7.0 has CSRF that results in adding an administrator account. | |||||
CVE-2018-13793 | 1 Abbyy | 1 Flexicapture | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Administration, and Login. | |||||
CVE-2018-11092 | 1 Admin Notes Project | 1 Admin Notes | 2023-12-10 | 5.8 MEDIUM | 6.5 MEDIUM |
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action. | |||||
CVE-2016-0348 | 1 Ibm | 1 Tririga Application Platform | 2023-12-10 | 6.0 MEDIUM | 8.0 HIGH |
Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA Application Platform 3.3, 3.3.1, 3.3.2, and 3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. IBM X-Force ID: 111813. | |||||
CVE-2018-8764 | 2 Debian, Ldap-account-manager | 2 Debian Linux, Ldap Account Manager | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging. | |||||
CVE-2018-7590 | 1 Hoosk | 1 Hoosk | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation. | |||||
CVE-2014-9502 | 1 Open Atrium Project | 1 Open Atrium | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks. | |||||
CVE-2018-6288 | 1 Kaspersky | 1 Secure Mail Gateway | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1. | |||||
CVE-2017-18080 | 1 Atlassian | 1 Bamboo | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The saveConfigureSecurity resource in Atlassian Bamboo before version 6.3.1 allows remote attackers to modify security settings via a Cross-site request forgery (CSRF) vulnerability. | |||||
CVE-2018-10223 | 1 Yzmcms | 1 Yzmcms | 2023-12-10 | 6.0 MEDIUM | 6.8 MEDIUM |
An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html. | |||||
CVE-2018-13067 | 1 Opencart | 1 Opencart | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password. | |||||
CVE-2018-6563 | 1 Totemo | 1 Encryption Gateway | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings, (2) send emails, or (3) change contact information by leveraging lack of an anti-CSRF token. | |||||
CVE-2018-1000093 | 1 Cryptonote | 1 Cryptonote | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
CryptoNote version 0.8.9 and possibly later contains a local RPC server which does not require authentication; as a result, the walletd and the simplewallet RPC daemons will process any commands sent to them, resulting in remote command execution and a takeover of the cryptocurrency wallet if an attacker can trick an application such as a web browser into connecting and sending a command, for example. This attack appears to be exploitable via a victim visiting a webpage hosting malicious content that triggers such behavior. | |||||
CVE-2018-10312 | 1 Wuzhicms | 1 Wuzhi Cms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member. |