Total
6248 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8521 | 1 Mcafee | 1 Network Data Loss Prevention | 2024-09-17 | N/A |
| Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2021-29837 | 1 Ibm | 1 Sterling B2b Integrator | 2024-09-17 | 8.8 High |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913. | ||||
| CVE-2021-42358 | 1 Contact Form With Captcha Project | 1 Contact Form With Captcha | 2024-09-17 | 8.8 High |
| The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2. | ||||
| CVE-2022-29451 | 1 Rarathemes | 1 Rara One Click Demo Import | 2024-09-17 | 8.8 High |
| Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory. | ||||
| CVE-2013-3694 | 3 Apple, Blackberry, Microsoft | 3 Mac Os X, Blackberry Link, Windows | 2024-09-17 | N/A |
| BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding. | ||||
| CVE-2017-8848 | 1 Allen Disk Project | 1 Allen Disk | 2024-09-17 | N/A |
| Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password. | ||||
| CVE-2020-6776 | 1 Bosch | 4 Praesensa, Praesensa Firmware, Praesideo and 1 more | 2024-09-17 | 8.8 High |
| A vulnerability in the web-based management interface of Bosch PRAESIDEO until and including version 4.41 and Bosch PRAESENSA until and including version 1.10 allows an unauthenticated remote attacker to trigger actions on an affected system on behalf of another user (Cross-Site Request Forgery). This requires the victim to be tricked into clicking a malicious link or submitting a malicious form. A successful exploit allows the attacker to perform arbitrary actions with the privileges of the victim, e.g. creating and modifying user accounts, changing system configuration settings and cause DoS conditions. Note: For Bosch PRAESIDEO 4.31 and newer and Bosch PRAESENSA in all versions, the confidentiality impact is considered low because user credentials are not shown in the web interface. | ||||
| CVE-2017-1672 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-09-17 | N/A |
| IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 133639. | ||||
| CVE-2008-0182 | 1 Liferay | 1 Liferay Enterprise Portal | 2024-09-17 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message. | ||||
| CVE-2019-1857 | 1 Cisco | 28 Hx220c Af M5, Hx220c Af M5 Firmware, Hx220c All Nvme M5 and 25 more | 2024-09-17 | N/A |
| A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user. | ||||
| CVE-2022-0916 | 1 Logitech | 1 Options | 2024-09-17 | 8.4 High |
| An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. | ||||
| CVE-2019-1003017 | 1 Jenkins | 1 Job Import | 2024-09-17 | N/A |
| A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration. | ||||
| CVE-2012-4486 | 2 Boombatower, Drupal | 2 Subuser, Drupal | 2024-09-17 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Subuser module before 6.x-1.8 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that switch the user to a subuser via unspecified vectors. | ||||
| CVE-2012-0303 | 1 Symantec | 1 Message Filter | 2024-09-17 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) create admin accounts. | ||||
| CVE-2022-29489 | 1 Sucuri | 1 Security | 2024-09-17 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation. | ||||
| CVE-2021-38868 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2024-09-17 | 6.5 Medium |
| IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force Id: 208310. | ||||
| CVE-2016-1265 | 1 Juniper | 1 Junos Space | 2024-09-17 | N/A |
| A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors. All versions of Juniper Networks Junos Space prior to 15.1R3 are affected. | ||||
| CVE-2018-11447 | 1 Siemens | 2 Scalance M875, Scalance M875 Firmware | 2024-09-17 | N/A |
| A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by an legitimate user, who must be authenticated to the web interface as administrative user. A successful attack could allow an attacker to interact with the web interface as an administrative user. This could allow the attacker to read or modify the device configuration, or to exploit other vulnerabilities that require authentication as administrative user. At the time of advisory publication no public exploitation of this security vulnerability was known. | ||||
| CVE-2022-1389 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-09-17 | 3.1 Low |
| On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping, traceroute, and WOM diagnostics. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2022-29450 | 1 Admin Management Xtended Project | 1 Admin Management Xtended | 2024-09-17 | 5.4 Medium |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress. | ||||