| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. |
| admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. |
| In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. |
| An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header. |
| A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim. |
| An issue was discovered in the administrator interface in IPBRICK OS 6.3. The application doesn't check for Anti-CSRF tokens, allowing the submission of multiple forms unwillingly by a victim. |
| e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators. |
| RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. |
| An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add. |
| An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user. |
| An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php. |
| An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true. |
| An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1. |
| There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. |
| An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit. |
| The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field. |
| An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf. |
| The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF. |
| A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Orchestration Designer include all versions up to 7.2.1. |
| my little forum 2.4.12 allows CSRF for deletion of users. |
