Total: 6248 CVEs

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-7780 | 1 Softwaremill | 1 Akka-http-session | 2024-09-17 | 6.3 Medium |
This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie. | ||||
CVE-2019-4231 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-09-17 | 4.3 Medium |
IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159356. | ||||
CVE-2020-4938 | 1 Ibm | 1 Mq Appliance | 2024-09-17 | 8.8 High |
IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 191815. | ||||
CVE-2012-1083 | 1 Typo3 | 2 Terminal, Typo3 | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2021-27759 | 1 Hcltech | 1 Bigfix Inventory | 2024-09-17 | 2.3 Low |
This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application. | ||||
CVE-2011-4498 | 1 Zenprise | 1 Zenprise Device Manager | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in the web console in Zenprise Device Manager 6.x through 6.1.8 allows remote attackers to hijack the authentication of administrators for requests that wipe mobile devices. | ||||
CVE-2018-13407 | 1 Jirafeau | 1 Jirafeau | 2024-09-17 | N/A |
A CSRF issue was discovered in Jirafeau before 3.4.1. The "delete file" feature on the admin panel is not protected against automated requests and could be abused. | ||||
CVE-2010-2114 | 1 Brekeke | 1 Pbx | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean. | ||||
CVE-2017-12584 | 1 Slims | 1 Senayan Library Management System | 2024-09-17 | 8.8 High |
There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an entire user profile (including the password) can be updated without sending the current password. This allows remote attackers to trick a user into changing to an attacker-controlled password, a complete account takeover, via the passwd1 and passwd2 fields in an admin/modules/system/app_user.php changecurrent=true operation. | ||||
CVE-2015-2770 | 1 Websense | 1 V-series Appliances | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in the command line page in Websense TRITON V-Series appliances before 8.0.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2011-5311 | 1 Cherry-design | 1 Wikipad | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to hijack the authentication of administrators for requests that modify pages via the data[text] parameter. | ||||
CVE-2017-14362 | 1 Microfocus | 1 Project And Portfolio Management | 2024-09-17 | N/A |
Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack. | ||||
CVE-2018-10030 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-09-17 | N/A |
CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. | ||||
CVE-2013-0207 | 2 Drupal, Leighton Whiting | 2 Drupal, Mark Complete | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2020-27146 | 1 Tibco | 1 Iprocess Workspace Browser | 2024-09-17 | 5 Medium |
The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this vulnerability requires human interaction from an authenticated user other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser): versions 11.6.0 and below. | ||||
CVE-2015-5530 | 1 Freereprintables | 1 Articlefr | 2024-09-17 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request to dashboard/users/create/. | ||||
CVE-2012-6103 | 1 Moodle | 1 Moodle | 2024-09-17 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages. | ||||
CVE-2019-1881 | 1 Cisco | 1 Industrial Network Director | 2024-09-17 | N/A |
A vulnerability in the web-based management interface of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to use a web browser and the privileges of the user to perform arbitrary actions on an affected device. For more information about CSRF attacks and potential mitigations, see Understanding Cross-Site Request Forgery Threat Vectors. | ||||
CVE-2015-1374 | 1 Ferretcms Project | 1 Ferretcms | 2024-09-17 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3) unrestricted file upload attacks. | ||||
CVE-2017-9518 | 1 Atmail | 1 Atmail | 2024-09-17 | N/A |
atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails. |