Total
5455 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10522 | 1 Rails Admin Project | 1 Rails Admin | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem. | |||||
CVE-2018-7307 | 1 Auth0 | 1 Auth0.js | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter. | |||||
CVE-2018-6224 | 1 Trendmicro | 1 Email Encryption Gateway | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A lack of cross-site request forgery (CSRF) protection vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to submit authenticated requests to a user browsing an attacker-controlled domain. | |||||
CVE-2018-11527 | 1 Cscms Project | 1 Cscms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /admin.php/sys/editpass_save. | |||||
CVE-2018-0255 | 1 Cisco | 1 Ios | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the device manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the device manager web interface with the privileges of the user. This vulnerability affects the following Cisco Industrial Ethernet (IE) Switches if they are running a vulnerable release of Cisco IOS Software: IE 2000 Series, IE 2000U Series, IE 3000 Series, IE 3010 Series, IE 4000 Series, IE 4010 Series, IE 5000 Series. Cisco Bug IDs: CSCvc96405. | |||||
CVE-2018-0364 | 1 Cisco | 1 Unified Communications Domain Manager | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi44320. | |||||
CVE-2018-12114 | 1 Maccms | 1 Maccms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts. | |||||
CVE-2018-11442 | 1 Easyservice Billing Project | 1 Easyservice Billing | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation. | |||||
CVE-2018-10117 | 1 Icmsdev | 1 Icms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP. | |||||
CVE-2017-18033 | 1 Atlassian | 1 Jira | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities. | |||||
CVE-2018-11445 | 1 Easyservice Billing Project | 1 Easyservice Billing | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role. | |||||
CVE-2018-6023 | 1 Fastweb | 2 Fastgate, Fastgate Firmware | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc. | |||||
CVE-2018-12739 | 1 Beescms | 1 Beescms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266. | |||||
CVE-2018-10137 | 1 Iscripts | 1 Uberforx | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI. | |||||
CVE-2018-7746 | 1 Cobub | 1 Razor | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin. | |||||
CVE-2018-11500 | 1 Publiccms | 1 Publiccms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account. | |||||
CVE-2014-1457 | 1 Openwebanalytics | 1 Open Web Analytics | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name. | |||||
CVE-2018-9134 | 1 Dedecms | 1 Dedecms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters. | |||||
CVE-2018-10295 | 1 Chemcms Project | 1 Chemcms | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account. | |||||
CVE-2018-8817 | 1 Wampserver | 1 Wampserver | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Wampserver before 3.1.3 has CSRF in add_vhost.php. |