Total
6248 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9379 | 1 Bigtreecms | 1 Bigtree Cms | 2024-09-17 | N/A |
| Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php. | ||||
| CVE-2021-36854 | 1 Bookingultrapro | 1 Booking Ultra Pro Appointments Booking Calendar | 2024-09-17 | 5.4 Medium |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | ||||
| CVE-2019-8910 | 1 Wtcms Project | 1 Wtcms | 2024-09-17 | N/A |
| An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF. | ||||
| CVE-2019-1713 | 1 Cisco | 13 Adaptive Security Appliance Software, Asa 5505, Asa 5510 and 10 more | 2024-09-17 | N/A |
| A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration of, extract information from, or reload an affected device. | ||||
| CVE-2012-5547 | 2 Drupal, Thomas Seidl | 2 Drupal, Search Api | 2024-09-17 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable a server via a server action or (2) enable a search index via an enable index action. | ||||
| CVE-2021-38480 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2024-09-17 | 9.6 Critical |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as making configuration changes, changing administrator credentials, and running system commands on the router. | ||||
| CVE-2013-2778 | 1 Chatelao | 1 Php Address Book | 2024-09-17 | N/A |
| Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1. | ||||
| CVE-2017-17936 | 1 Vanguard Project | 1 Marketplace Digital Products Php | 2024-09-17 | N/A |
| Vanguard Marketplace Digital Products PHP has CSRF via /search. | ||||
| CVE-2021-26071 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-09-17 | 3.5 Low |
| The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configuration via a cross-site request forgery (CSRF) vulnerability. | ||||
| CVE-2019-1003007 | 1 Jenkins | 1 Warnings | 2024-09-17 | N/A |
| A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and earlier in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows attackers to execute arbitrary code via a form validation HTTP endpoint. | ||||
| CVE-2017-1769 | 1 Ibm | 1 Business Process Manager | 2024-09-17 | N/A |
| IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 136783. | ||||
| CVE-2013-0126 | 1 Verizon | 2 Fios Actiontec Mi424wr-gen31 Router, Fios Actiontec Mi424wr-gen31 Router Firmware | 2024-09-17 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters. | ||||
| CVE-2018-1000183 | 1 Jenkins | 1 Github | 2024-09-17 | N/A |
| A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-29441 | 1 Private Messages Project | 1 Private Messages | 2024-09-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin <= 2.1.10 at WordPress allows attackers to send messages. | ||||
| CVE-2014-10027 | 1 Dlink | 2 Dap-1360, Dap-1360 Firmware | 2024-09-17 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DAP-1360 router with firmware 2.5.4 and earlier allow remote attackers to hijack the authentication of unspecified users for requests that (1) change the MAC filter restrict mode, (2) add a MAC address to the filter, or (3) remove a MAC address from the filter via a crafted request to index.cgi. | ||||
| CVE-2022-40671 | 1 Blazzdev | 1 Rate My Post - Wp Rating System | 2024-09-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post – WP Rating System plugin <= 3.3.4 at WordPress. | ||||
| CVE-2016-9092 | 1 Symantec | 2 Content Analysis, Mail Threat Defense | 2024-09-17 | N/A |
| The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with the privileges of an authenticated administrator user. | ||||
| CVE-2022-23976 | 1 Accesspressthemes | 1 Access Demo Importer | 2024-09-17 | 8.1 High |
| Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media). | ||||
| CVE-2018-19318 | 1 Srcms Project | 1 Srcms | 2024-09-17 | N/A |
| SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account. | ||||
| CVE-2022-38095 | 1 Algolplus | 1 Advanced Dynamic Pricing For Woocommerce | 2024-09-17 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.3 at WordPress. | ||||