| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules. |
| A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature. |
| A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature. |
| A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. |
| Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, and EX6130 before 1.0.0.44. |
| The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF attack that results in injecting arbitrary Ruby code (for an eval call) via the CONSOLE_COMMAND_STRING parameter. |
| DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution. |
| In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange. |
| Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature. |
| Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin's running process feature. |
| An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers. |
| An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company. |
| An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords. |
| TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is vulnerable to Cross Site Request Forgery (CSRF). All configuration information is placed in the URL, without any additional token authentication information. A malicious link opened by the switch administrator may cause the password of the switch to be modified and the configuration file to be tampered with. |
| b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges. |
| furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client. |
| Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges. |
| An Improper Input Validation vulnerability in routing process daemon (RPD) of Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI), allows an attacker to send a specific BGP update which may cause RPKI policy-checks to be bypassed. This, in turn, may allow a spoofed advertisement to be accepted or propagated. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.2 versions prior to 17.2R3-S3; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R2. |
| Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request forgery (CSRF) vulnerability. An attacker can enable remote access, change passwords, and perform other actions through misconfigured requests, entries, and headers. |
| Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials. |
