Total: 6248 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2009-1797 | 1 Apc | 2 Network Management Card, Switched Rack Pdu | 2024-09-17 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to hijack the authentication of (1) administrator or (2) device users for requests that create new administrative users or have unspecified other impact. | ||||
CVE-2012-4280 | 1 Rwcinc | 1 Free Realty | 2024-09-17 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3.1-0.6 allow remote attackers to hijack the authentication of administrators for requests that (1) add an agent via an addagent action or (2) modify an agent. | ||||
CVE-2010-5319 | 1 Kan-studio | 1 Kandidat Cms | 2024-09-17 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat CMS 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a validate action to admin/settings.php, (2) modify pages via the what parameter to admin/edit.php, or (3) modify articles via the edit parameter to admin/news.php. | ||||
CVE-2021-20580 | 1 Ibm | 1 Planning Analytics | 2024-09-17 | 4.3 Medium |
IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 198241. | ||||
CVE-2018-2001 | 1 Ibm | 1 Curam Social Program Management | 2024-09-17 | N/A |
IBM Cúram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891. | ||||
CVE-2013-3451 | 1 Cisco | 1 Unified Communications Manager | 2024-09-17 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Unified Communications Manager (Unified CM) allow remote attackers to hijack the authentication of arbitrary users for requests that perform arbitrary Unified CM operations, aka Bug ID CSCui13033. | ||||
CVE-2022-29413 | 1 Hermit Project | 1 Hermit | 2024-09-17 | 4.7 Medium |
Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress via &title parameter. | ||||
CVE-2019-1658 | 1 Cisco | 1 Unified Intelligence Center | 2024-09-17 | N/A |
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections in the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious, customized link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device via a web browser and with the privileges of the user. | ||||
CVE-2017-18033 | 1 Atlassian | 1 Jira | 2024-09-17 | N/A |
The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities. | ||||
CVE-2018-11127 | 1 E107 | 1 E107 | 2024-09-17 | N/A |
e107 2.1.7 has CSRF resulting in arbitrary user deletion. | ||||
CVE-2013-3397 | 1 Cisco | 1 Unified Communications Manager | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in the Unified Serviceability component in Cisco Unified Communications Manager (CUCM) allows remote attackers to hijack the authentication of arbitrary users for requests that perform Unified Serviceability actions, aka Bug ID CSCuh10298. | ||||
CVE-2021-23431 | 1 Joplinapp | 1 Joplin | 2024-09-17 | 5.4 Medium |
The package joplin before 2.3.2 is vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms. | ||||
CVE-2021-21027 | 1 Magento | 1 Magento | 2024-09-17 | N/A |
Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadata by an unauthenticated attacker. Access to the admin console is not required for successful exploitation. | ||||
CVE-2017-4928 | 1 Vmware | 1 Vcenter Server | 2024-09-17 | N/A |
The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. not the new HTML5-based vSphere Client, contains SSRF and CRLF injection issues due to improper neutralization of URLs. An attacker may exploit these issues by sending a POST request with modified headers towards internal services leading to information disclosure. | ||||
CVE-2012-4051 | 1 Jamf | 1 Casper Suite | 2024-09-17 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action. | ||||
CVE-2011-5298 | 1 Viralheat | 1 Argyle Social | 2024-09-17 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle Social 2011-04-26 allow remote attackers to hijack the authentication of administrators for requests that (1) modify credentials via the role parameter to users/create/, (2) modify rules via the terms field in stream_filter_rule JSON data to settings-ajax/stream_filter_rules/create, or (3) modify efforts via the title field in effort JSON data to publish-ajax/efforts/create. | ||||
CVE-2018-10758 | 1 Datenstrom | 1 Yellow | 2024-09-17 | N/A |
The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action that can delete articles. | ||||
CVE-2008-7241 | 1 Punbb | 1 Punbb | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 allows remote attackers to hijack the authentication of unspecified users for requests related to a logout, probably a forced logout. | ||||
CVE-2011-5316 | 1 Cambio Project | 1 Cambio | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action. | ||||
CVE-2013-6852 | 1 Hp | 1 2620-24-poe\+ Switch | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method. |